unknown ip in my access log

[chanklish]

hello awesome people
so i am checking my access log and i find several things and IP i do not know like - Removed - and such ..
what are these exactly ? i have 2FA,access host control only to my IP,cphulk and firewall enabled .. am i hacked?

- PDF file removed -

 

[chanklish]

Mod why was the attachment removed ? how can i show my log then ?!

 

[Infopro]

Mod why was the attachment removed ? how can i show my log then ?!

My apologies, I don't know you and have no need to see something in pdf format. These days thats a bad idea all around. We don't need actual domain names or IP addresses posted to these forums. Please review this thread for more details:
Guide To Opening An Effective Forums Thread

If you suspect your server might have been compromised, you might want to hire someone to take a closer look for you:
System Administration Services | cPanel Forums

Analyzing a compromsed server on the forums is not the best way to go here, I don't think.

 

[chanklish]

i just wanted an advice to know if i need system admin services - all the IP and domains shown in the pdf log are not mine

 

[Infopro]

Please feel free to post a snip of the log output wrapped in bbcode code tags with partially obfuscated IP addresses. We don't know what the problem is, but there's no need to display the actual IPs from your log, on a public forum. (Even if it is a bad guy.)

That might be helpful here.

 

[chanklish]

hi infopro
these are two examples

139.194.12x.xxx - - [01/01/2017:16:30:27 -0000] "GET /cPanel_magic_revision_1472153805/unprotected/cpanel/images/whm-logo_white.svg HTTP/1.1" 200 0 "https://server.example.com:2087/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36" "-" "-" 2087
139.194.12x.xxx - - [01/01/2017:16:30:27 -0000] "GET /cPanel_magic_revision_1472153805/unprotected/cpanel/style_v2_optimized.css HTTP/1.1" 200 0 "https://server.example.com:2087/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36" "-" "-" 2087
139.194.12x.xxx - - [01/01/2017:16:30:27 -0000] "GET /cPanel_magic_revision_1472153805/unprotected/cpanel/images/notice-error.png HTTP/1.1" 200 0 "https://server.example.com:2087/cPanel_magic_revision_1472153805/unprotected/cpanel/style_v2_optimized.css" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36" "-" "-" 2087
139.194.12x.xxx - - [01/01/2017:16:30:27 -0000] "GET /cPanel_magic_revision_1386192033/unprotected/cpanel/fonts/open_sans/OpenSans-Regular-webfont.woff HTTP/1.1" 200 0 "https://server.example.com:2087/cPanel_magic_revision_1386192030/unprotected/cpanel/fonts/open_sans/open_sans.min.css" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36" "-" "-" 2087
139.194.12x.xxx - - [01/01/2017:16:30:28 -0000] "GET /cPanel_magic_revision_1386192033/unprotected/cpanel/fonts/open_sans/OpenSans-Semibold-webfont.woff HTTP/1.1" 200 0 "https://server.example.com:2087/cPanel_magic_revision_1386192030/unprotected/cpanel/fonts/open_sans/open_sans.min.css" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36" "-" "-" 2087

71.6.146.xxx - - [12/27/2016:20:39:17 -0000] "GET / HTTP/1.1" 401 0 "" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/537.36" "-" "-" 2083
- - - [12/27/2016:20:39:18 -0000] "-" 301 0 "" "-" "-" "-" 2082
- - - [12/27/2016:20:39:18 -0000] "-" 301 0 "" "-" "-" "-" 2082
- - - [12/27/2016:20:39:23 -0000] "-" 301 0 "" "-" "-" "-" 2082
127.0.0.1 - - [12/27/2016:20:40:20 -0000] "GET /.__cpanel__service__check__./serviceauth?sendkey=__HIDDEN__&version=1.2 HTTP/1.0" 200 0 "" "-" "-" "-" 2086
127.0.0.1 - - [12/28/2016:03:56:56 -0000] "GET / HTTP/1.1" 401 0 "" "HTTP-Tiny/0.058" "-" "-" 2086
66.240.219.xxx - - [12/28/2016:07:24:02 -0000] "GET / HTTP/1.1" 301 0 "" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36" "-" "-" 2086
66.240.219.xxx - - [12/28/2016:07:24:05 -0000] "GET / HTTP/1.1" 401 0 "" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/537.36" "-" "-" 2087
139.194.12x.xxx - - [01/01/2017:16:30:28 -0000] "GET /cPanel_magic_revision_1472153805/unprotected/cpanel/images/cp-logo_white.svg HTTP/1.1" 200 0 "https://server.example.com:2087/cPanel_magic_revision_1472153805/unprotected/cpanel/style_v2_optimized.css" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36" "-" "-" 2087

 

[Infopro]

Have you noticed the dates on these entries?

 

[chanklish]

Have you noticed the dates on these entries?

yes but i have similar entries in 2019

172.104.133.xxx - - [12/10/2018:17:04:38 -0000] "-" 401 0 "-" "-" "-" "-" 2083
172.104.133.xxx - - [12/10/2018:17:04:39 -0000] "-" 401 0 "-" "-" "-" "-" 2083

46.188.107.xxx - - [12/10/2018:23:35:49 -0000] "-" 401 0 "-" "-" "-" "-" 2083
176.14.10.xx - - [12/10/2018:23:35:51 -0000] "-" 401 0 "-" "-" "-" "-" 2083

95.28.230.1xx - - [12/12/2018:13:18:44 -0000] "-" 401 0 "-" "-" "-" "-" 2083
128.72.43.xx7 - - [12/12/2018:13:18:44 -0000] "-" 401 0 "-" "-" "-" "-" 2087
46.42.129.xxx - - [12/12/2018:13:18:44 -0000] "-" 401 0 "-" "-" "-" "-" 2083
188.244.34.1xx - - [12/12/2018:13:18:44 -0000] "-" 401 0 "-" "-" "-" "-" 2087
176.193.125.xx - - [12/12/2018:13:18:44 -0000] "-" 401 0 "-" "-" "-" "-" 2096
37.204.192.1xx - - [12/12/2018:13:18:50 -0000] "-" 401 0 "-" "-" "-" "-" 2083

 

[Infopro]

None of them are 2019 either.

To answer your original question with concern for your account being compromised, I don't think it is.

 

[chanklish]

None of them are 2019 either.

To answer your original question with concern for your account being compromised, I don't think it is.

yes i did not choose 2019 specifically as i was trying to show the most of the ip
thank you