Jun 06 09:19:38 bunny.militech.org mod_evasive[892342]: Blacklisting address 146.70.72.78: possible DoS attack.
Jun 08 13:08:06 bunny.militech.org mod_evasive[892342]: Blacklisting address 34.78.115.53: possible DoS attack.

# cat /var/log/httpd/access_log| grep "146.70.72.78"
146.70.72.78 - - 146.70.72.78 - - [06/Jun/2023:09:18:11 -0500] "POST / HTTP/1.1" 200 60618 "-" "python-requests/2.28.2"
146.70.72.78 - - 146.70.72.78 - - [06/Jun/2023:09:18:11 -0500] "POST / HTTP/1.1" 200 60618 "-" "python-requests/2.28.2"
146.70.72.78 - - 146.70.72.78 - - [06/Jun/2023:09:18:11 -0500] "POST / HTTP/1.1" 200 60618 "-" "python-requests/2.28.2"
146.70.72.78 - - 146.70.72.78 - - [06/Jun/2023:09:18:12 -0500] "POST / HTTP/1.1" 200 60618 "-" "python-requests/2.28.2"
146.70.72.78 - - 146.70.72.78 - - [06/Jun/2023:09:18:13 -0500] "POST / HTTP/1.1" 200 60618 "-" "python-requests/2.28.2"
146.70.72.78 - - 146.70.72.78 - - [06/Jun/2023:09:18:22 -0500] "POST / HTTP/1.1" 200 60618 "-" "python-requests/2.28.2"
146.70.72.78 - - 146.70.72.78 - - [06/Jun/2023:09:18:22 -0500] "POST / HTTP/1.1" 200 60618 "-" "python-requests/2.28.2"
146.70.72.78 - - 146.70.72.78 - - [06/Jun/2023:09:18:22 -0500] "POST / HTTP/1.1" 200 60618 "-" "python-requests/2.28.2"
146.70.72.78 - - 146.70.72.78 - - [06/Jun/2023:09:18:23 -0500] "POST / HTTP/1.1" 200 60618 "-" "python-requests/2.28.2"
146.70.72.78 - - 146.70.72.78 - - [06/Jun/2023:09:18:23 -0500] "POST / HTTP/1.1" 200 60618 "-" "python-requests/2.28.2"
146.70.72.78 - - 146.70.72.78 - - [06/Jun/2023:09:18:23 -0500] "POST / HTTP/1.1" 200 7184 "-" "python-requests/2.28.2"
146.70.72.78 - - 146.70.72.78 - - [06/Jun/2023:09:18:32 -0500] "POST / HTTP/1.1" 200 60618 "-" "python-requests/2.28.2"
146.70.72.78 - - 146.70.72.78 - - [06/Jun/2023:09:18:32 -0500] "POST / HTTP/1.1" 200 60618 "-" "python-requests/2.28.2"
146.70.72.78 - - 146.70.72.78 - - [06/Jun/2023:09:18:47 -0500] "POST / HTTP/1.1" 200 60618 "-" "python-requests/2.28.2"
146.70.72.78 - - 146.70.72.78 - - [06/Jun/2023:09:18:49 -0500] "POST / HTTP/1.1" 200 60618 "-" "python-requests/2.28.2"
146.70.72.78 - - 146.70.72.78 - - [06/Jun/2023:09:18:51 -0500] "POST / HTTP/1.1" 200 12347 "-" "python-requests/2.28.2"
146.70.72.78 - - 146.70.72.78 - - [06/Jun/2023:09:19:02 -0500] "POST / HTTP/1.1" 200 60618 "-" "python-requests/2.28.2"
146.70.72.78 - - 146.70.72.78 - - [06/Jun/2023:09:19:12 -0500] "POST / HTTP/1.1" 200 60618 "-" "python-requests/2.28.2"
146.70.72.78 - - 146.70.72.78 - - [06/Jun/2023:09:19:12 -0500] "POST / HTTP/1.1" 200 60618 "-" "python-requests/2.28.2"
146.70.72.78 - - 146.70.72.78 - - [06/Jun/2023:09:19:13 -0500] "POST / HTTP/1.1" 200 1713 "-" "python-requests/2.28.2"
146.70.72.78 - - 146.70.72.78 - - [06/Jun/2023:09:19:23 -0500] "POST / HTTP/1.1" 200 60618 "-" "python-requests/2.28.2"
146.70.72.78 - - 146.70.72.78 - - [06/Jun/2023:09:19:24 -0500] "POST / HTTP/1.1" 200 60618 "-" "python-requests/2.28.2"
146.70.72.78 - - 146.70.72.78 - - [06/Jun/2023:09:19:25 -0500] "POST / HTTP/1.1" 200 3518 "-" "python-requests/2.28.2"
146.70.72.78 - - 146.70.72.78 - - [06/Jun/2023:09:19:38 -0500] "POST / HTTP/1.1" 403 8474 "-" "python-requests/2.28.2"
146.70.72.78 - - 146.70.72.78 - - [06/Jun/2023:09:19:38 -0500] "POST / HTTP/1.1" 200 1713 "-" "python-requests/2.28.2"
146.70.72.78 - - 146.70.72.78 - - [06/Jun/2023:09:19:38 -0500] "POST / HTTP/1.1" 200 60618 "-" "python-requests/2.28.2"
146.70.72.78 - - 146.70.72.78 - - [06/Jun/2023:09:19:39 -0500] "POST / HTTP/1.1" 200 60618 "-" "python-requests/2.28.2"
146.70.72.78 - - 146.70.72.78 - - [06/Jun/2023:09:19:39 -0500] "POST / HTTP/1.1" 200 60618 "-" "python-requests/2.28.2"
146.70.72.78 - - 146.70.72.78 - - [06/Jun/2023:09:19:40 -0500] "POST / HTTP/1.1" 200 4136 "-" "python-requests/2.28.2"
146.70.72.78 - - 146.70.72.78 - - [06/Jun/2023:09:19:52 -0500] "POST / HTTP/1.1" 200 60618 "-" "python-requests/2.28.2"
146.70.72.78 - - 146.70.72.78 - - [06/Jun/2023:09:19:52 -0500] "POST / HTTP/1.1" 200 60618 "-" "python-requests/2.28.2"
146.70.72.78 - - 146.70.72.78 - - [06/Jun/2023:09:19:52 -0500] "POST / HTTP/1.1" 200 60618 "-" "python-requests/2.28.2"
146.70.72.78 - - 146.70.72.78 - - [06/Jun/2023:09:20:04 -0500] "POST / HTTP/1.1" 200 60618 "-" "python-requests/2.28.2"
146.70.72.78 - - 146.70.72.78 - - [06/Jun/2023:09:20:05 -0500] "POST / HTTP/1.1" 200 60618 "-" "python-requests/2.28.2"

************************************************************************************************
** Note: Site does not run Python. So the preceding requests are a malicious attack to gain privileges. **
************************************************************************************************

141.98.6.209 - - 141.98.6.209 - - [08/Jun/2023:10:30:48 -0500] "GET / HTTP/1.1" 302 214 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36"
141.98.6.209 - - 141.98.6.209 - - [08/Jun/2023:10:30:52 -0500] "GET / HTTP/1.1" 200 26997 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36"
141.98.6.209 - - 141.98.6.209 - - [08/Jun/2023:10:30:53 -0500] "GET //wp-includes/wlwmanifest.xml HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36"
141.98.6.209 - - 141.98.6.209 - - [08/Jun/2023:10:30:53 -0500] "GET //xmlrpc.php?rsd HTTP/1.1" 404 16 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36"
141.98.6.209 - - 141.98.6.209 - - [08/Jun/2023:10:30:53 -0500] "GET / HTTP/1.1" 200 26997 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36"
141.98.6.209 - - 141.98.6.209 - - [08/Jun/2023:10:30:56 -0500] "GET //blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36"
141.98.6.209 - - 141.98.6.209 - - [08/Jun/2023:10:30:56 -0500] "GET //web/wp-includes/wlwmanifest.xml HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36"
141.98.6.209 - - 141.98.6.209 - - [08/Jun/2023:10:30:56 -0500] "GET //wordpress/wp-includes/wlwmanifest.xml HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36"
141.98.6.209 - - 141.98.6.209 - - [08/Jun/2023:10:30:56 -0500] "GET //website/wp-includes/wlwmanifest.xml HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36"
141.98.6.209 - - 141.98.6.209 - - [08/Jun/2023:10:30:57 -0500] "GET //wp/wp-includes/wlwmanifest.xml HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36"
141.98.6.209 - - 141.98.6.209 - - [08/Jun/2023:10:30:57 -0500] "GET //news/wp-includes/wlwmanifest.xml HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36"
141.98.6.209 - - 141.98.6.209 - - [08/Jun/2023:10:30:57 -0500] "GET //2020/wp-includes/wlwmanifest.xml HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36"
141.98.6.209 - - 141.98.6.209 - - [08/Jun/2023:10:30:57 -0500] "GET //2019/wp-includes/wlwmanifest.xml HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36"
141.98.6.209 - - 141.98.6.209 - - [08/Jun/2023:10:30:57 -0500] "GET //shop/wp-includes/wlwmanifest.xml HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36"
141.98.6.209 - - 141.98.6.209 - - [08/Jun/2023:10:30:58 -0500] "GET //wp1/wp-includes/wlwmanifest.xml HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36"
141.98.6.209 - - 141.98.6.209 - - [08/Jun/2023:10:30:58 -0500] "GET //test/wp-includes/wlwmanifest.xml HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36"
141.98.6.209 - - 141.98.6.209 - - [08/Jun/2023:10:30:58 -0500] "GET //wp2/wp-includes/wlwmanifest.xml HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36"
141.98.6.209 - - 141.98.6.209 - - [08/Jun/2023:10:30:58 -0500] "GET //site/wp-includes/wlwmanifest.xml HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36"
141.98.6.209 - - 141.98.6.209 - - [08/Jun/2023:10:30:58 -0500] "GET //cms/wp-includes/wlwmanifest.xml HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36"
141.98.6.209 - - 141.98.6.209 - - [08/Jun/2023:10:30:59 -0500] "GET //sito/wp-includes/wlwmanifest.xml HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36"

************************************************************************************************
** Note: Site does not run WordPress. So the preceding requests are a malicious attack to gain privileges. **
************************************************************************************************

# whois 146.70.72.78

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2023, American Registry for Internet Numbers, Ltd.
#

NetRange:       146.70.0.0 - 146.70.255.255
CIDR:           146.70.0.0/16
NetName:        RIPE-ERX-146-70-0-0
NetHandle:      NET-146-70-0-0-1
Parent:         NET146 (NET-146-0-0-0-0)
NetType:        Early Registrations, Transferred to RIPE NCC
OriginAS:
Organization:   RIPE Network Coordination Centre (RIPE)
RegDate:        2004-02-04
Updated:        2004-02-04
Comment:        These addresses have been further assigned to users in
Comment:        the RIPE NCC region. Contact information can be found in
Comment:        the RIPE database at http://www.ripe.net/whois
Ref:            https://rdap.arin.net/registry/ip/146.70.0.0

ResourceLink:   https://apps.db.ripe.net/search/query.html
ResourceLink:   whois.ripe.net

OrgName:        RIPE Network Coordination Centre
OrgId:          RIPE
Address:        P.O. Box 10096
City:           Amsterdam
StateProv:
PostalCode:     1001EB
Country:        NL
RegDate:
Updated:        2013-07-29
Ref:            https://rdap.arin.net/registry/entity/RIPE

ReferralServer: whois://whois.ripe.net
ResourceLink:   https://apps.db.ripe.net/search/query.html

OrgAbuseHandle: ABUSE3850-ARIN
OrgAbuseName:   Abuse Contact
OrgAbusePhone:  +31205354444
OrgAbuseEmail:  abuse@ripe.net
OrgAbuseRef:    https://rdap.arin.net/registry/entity/ABUSE3850-ARIN

OrgTechHandle:  RNO29-ARIN
OrgTechName:    RIPE NCC Operations
OrgTechPhone:   +31 20 535 4444
OrgTechEmail:   hostmaster@ripe.net
OrgTechRef:     https://rdap.arin.net/registry/entity/RNO29-ARIN

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2023, American Registry for Internet Numbers, Ltd.
#

Found a referral to whois.ripe.net.

% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '146.70.72.0 - 146.70.72.255'

% Abuse contact for '146.70.72.0 - 146.70.72.255' is 'abuse@m247.ro'

inetnum:        146.70.72.0 - 146.70.72.255
netname:        M247-LTD-NewYork
descr:          M247 LTD New York Infrastructure
country:        US
geoloc:         40.7175544 -74.0083725
admin-c:        NYC-RIPE
tech-c:         NYC-RIPE
status:         LEGACY
remarks:        ---- LEGAL CONCERNS ----
remarks:        For any legal requests, please send an email to
remarks:        ro-legal@m247.ro for a maximum 48hours response.
remarks:        ---- LEGAL CONCERNS----
mnt-by:         GLOBALAXS-MNT
created:        2021-09-21T08:01:09Z
last-modified:  2021-09-21T08:01:09Z
source:         RIPE

role:           GLOBALAXS NYC NOC
address:        Equinix NY8 60 Hudson Street, Suite 1602, 10013 New York, New York, USA
abuse-mailbox:  abuse@m247.ro
nic-hdl:        NYC-RIPE
mnt-by:         GLOBALAXS-MNT
created:        2017-08-18T13:02:16Z
last-modified:  2018-11-16T09:45:29Z
source:         RIPE # Filtered

% Information related to '146.70.72.0/24AS9009'

route:          146.70.72.0/24
origin:         AS9009
descr:          M247 Europe Infra
mnt-by:         GLOBALAXS-MNT
created:        2021-08-06T13:49:29Z
last-modified:  2021-08-06T13:49:29Z
source:         RIPE

% This query was served by the RIPE Database Query Service version 1.106.1 (ABERDEEN)
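The two notes above rest on three observable signals: a burst of requests from one address in a short window (what mod_evasive reacted to with the 403 and the "Blacklisting address" syslog line), a scripted client (python-requests) POSTing to a site that serves no such application, and a scan of WordPress paths (wp-includes/wlwmanifest.xml, xmlrpc.php) on a host that does not run WordPress. The script below is an added Python example, not part of this page or of mod_evasive, that automates that triage over access_log lines in the same layout as the excerpts above (the LogFormat here prints the client address twice; standard combined format is accepted as well). The sample lines are constructed for the example, the third address 192.0.2.10 is a documentation-range control, and the burst threshold (4 requests in 10 s) is an illustrative choice, not mod_evasive's configured limits.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample input modelled on the page's excerpts (not its full data).
SAMPLE_EVASIVE = """\
Jun 06 09:19:38 bunny.militech.org mod_evasive[892342]: Blacklisting address 146.70.72.78: possible DoS attack.
Jun 08 13:08:06 bunny.militech.org mod_evasive[892342]: Blacklisting address 34.78.115.53: possible DoS attack.
"""
CHROME_UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
             "(KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36")
SAMPLE_ACCESS = "\n".join([
    '146.70.72.78 - - 146.70.72.78 - - [06/Jun/2023:09:18:11 -0500] "POST / HTTP/1.1" 200 60618 "-" "python-requests/2.28.2"',
    '146.70.72.78 - - 146.70.72.78 - - [06/Jun/2023:09:18:11 -0500] "POST / HTTP/1.1" 200 60618 "-" "python-requests/2.28.2"',
    '146.70.72.78 - - 146.70.72.78 - - [06/Jun/2023:09:18:12 -0500] "POST / HTTP/1.1" 200 60618 "-" "python-requests/2.28.2"',
    '146.70.72.78 - - 146.70.72.78 - - [06/Jun/2023:09:18:13 -0500] "POST / HTTP/1.1" 200 60618 "-" "python-requests/2.28.2"',
    '146.70.72.78 - - 146.70.72.78 - - [06/Jun/2023:09:19:38 -0500] "POST / HTTP/1.1" 403 8474 "-" "python-requests/2.28.2"',
    f'141.98.6.209 - - 141.98.6.209 - - [08/Jun/2023:10:30:53 -0500] "GET //wp-includes/wlwmanifest.xml HTTP/1.1" 404 196 "-" "{CHROME_UA}"',
    f'141.98.6.209 - - 141.98.6.209 - - [08/Jun/2023:10:30:53 -0500] "GET //xmlrpc.php?rsd HTTP/1.1" 404 16 "-" "{CHROME_UA}"',
    f'141.98.6.209 - - 141.98.6.209 - - [08/Jun/2023:10:30:56 -0500] "GET //blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404 196 "-" "{CHROME_UA}"',
    # Control: ordinary visitor from a documentation-range address (constructed).
    '192.0.2.10 - - [08/Jun/2023:11:00:00 -0500] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/114.0"',
])

# Combined-format line; the optional group swallows the duplicated client field
# seen in this server's LogFormat so plain combined logs parse too.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) - - (?:\S+ - - )?\[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$')
EVASIVE_RE = re.compile(r'mod_evasive\[\d+\]: Blacklisting address (?P<ip>\S+):')

# Path fragments seen in the scan above and client prefixes that mark scripted traffic.
WP_PROBE_MARKERS = ("/wp-includes/", "/xmlrpc.php")
SCRIPTED_UA_PREFIXES = ("python-requests/",)


def parse_access(text):
    """Parse access_log lines into dicts; silently skip lines that do not match."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
        rec["status"] = int(rec["status"])
        records.append(rec)
    return records


def parse_evasive(text):
    """Return the set of addresses mod_evasive reported as blacklisted."""
    return {m.group("ip") for m in EVASIVE_RE.finditer(text)}


def peak_rate(records, window_s=10):
    """Per address, the largest number of requests falling inside any window_s-second span."""
    stamps = defaultdict(list)
    for r in records:
        stamps[r["ip"]].append(r["ts"])
    peaks = {}
    for ip, ts in stamps.items():
        ts.sort()
        i = peak = 0
        for j in range(len(ts)):                      # sliding window over sorted times
            while (ts[j] - ts[i]).total_seconds() > window_s:
                i += 1
            peak = max(peak, j - i + 1)
        peaks[ip] = peak
    return peaks


def triage(access_text, evasive_text="", window_s=10, threshold=4):
    """Flag addresses with a burst, WordPress probing, scripted POSTs, or a mod_evasive block."""
    records = parse_access(access_text)
    peaks = peak_rate(records, window_s)
    blacklisted = parse_evasive(evasive_text)
    by_ip = defaultdict(list)
    for r in records:
        by_ip[r["ip"]].append(r)
    findings = {}
    for ip, recs in by_ip.items():
        reasons = []
        if peaks[ip] >= threshold:
            reasons.append(f"burst: {peaks[ip]} requests within {window_s}s")
        if any(mk in r["path"] for r in recs for mk in WP_PROBE_MARKERS):
            reasons.append("wordpress-path probing")
        if any(r["method"] == "POST" and r["ua"].startswith(SCRIPTED_UA_PREFIXES) for r in recs):
            reasons.append("scripted POST client")
        if ip in blacklisted:
            reasons.append("blacklisted by mod_evasive")
        if reasons:
            findings[ip] = {
                "first": min(r["ts"] for r in recs).isoformat(),
                "last": max(r["ts"] for r in recs).isoformat(),
                "requests": len(recs),
                "statuses": dict(Counter(r["status"] for r in recs)),
                "reasons": reasons,
            }
    return findings


if __name__ == "__main__":
    for ip, info in triage(SAMPLE_ACCESS, SAMPLE_EVASIVE).items():
        print(ip, info)
```

Addresses that appear only in the mod_evasive syslog (34.78.115.53 in the sample) are not reported, because the script walks the access log; feeding it the matching day's access_log would surface them. The output gives, per flagged address, the first and last hit, request count, status mix and the reasons it was flagged, which is the information an abuse report to the contact returned by whois (abuse@m247.ro for 146.70.72.0/24 above) needs.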