ENG,WP GET /wp-login.php

Jul 24 01:31:00 aat-srv002 sshd[2367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.9.40.211
Jul 24 01:31:03 aat-srv002 sshd[2367]: Failed password for invalid user elvis from 5.9.40.211 port 50644 ssh2
Jul 24 01:35:22 aat-srv002 sshd[2475]: Failed password for root from 5.9.40.211 port 47040 ssh2
Jul 24 01:39:51 aat-srv002 sshd[2573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.9.40.211
...

Jul 24 07:30:27 MailServer postfix/smtpd[2881]: NOQUEUE: reject: RCPT from unknown[142.147.97.180]: 454 4.7.1 : Relay access denied; from= to= proto=ESMTP helo=
Jul 24 07:30:28 MailServer postfix/smtpd[2881]: NOQUEUE: reject: RCPT from unknown[142.147.97.180]: 454 4.7.1 : Relay access denied; from= to= proto=ESMTP helo=
Jul 24 07:30:29 MailServer postfix/smtpd[2881]: NOQUEUE: reject: RCPT from unknown[142.147.97.180]: 454 4.7.1 : Relay access denied; from= to= proto=ESMTP helo=
...

Jul 24 02:43:18 vps200512 sshd\[18711\]: Invalid user jeff from 111.207.49.186
Jul 24 02:43:18 vps200512 sshd\[18711\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.207.49.186
Jul 24 02:43:20 vps200512 sshd\[18711\]: Failed password for invalid user jeff from 111.207.49.186 port 35782 ssh2
Jul 24 02:46:50 vps200512 sshd\[18752\]: Invalid user junior from 111.207.49.186
Jul 24 02:46:50 vps200512 sshd\[18752\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.207.49.186

Port scan attempt detected by AWS-CCS, CTS, India

\[2019-07-24 02:17:34\] SECURITY\[20812\] res_security_log.c: SecurityEvent="FailedACL",EventTV="2019-07-24T02:17:34.480-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="011441144630211",SessionID="0x7f06f823f758",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/185.53.88.22/52623",ACLName="no_extension_match"
\[2019-07-24 02:18:38\] SECURITY\[20812\] res_security_log.c: SecurityEvent="FailedACL",EventTV="2019-07-24T02:18:38.820-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="9011441144630211",SessionID="0x7f06f83e80f8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/185.53.88.22/56744",ACLName="no_extension_match"
\[2019-07-24 02:19:44\] SECURITY\[20812\] res_security_log.c: SecurityEvent="FailedACL",EventTV="2019-07-24T02:19:44.825-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="9441144630211",SessionID="0x7f06f823f758",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/185.53.88.22/57097",ACLName="no_exte

Jul 24 08:02:24 eventyay sshd[2120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.210.6.53
Jul 24 08:02:25 eventyay sshd[2120]: Failed password for invalid user zzzz from 58.210.6.53 port 53351 ssh2
Jul 24 08:06:33 eventyay sshd[3116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.210.6.53
...

scan z

Jul 24 07:30:18 mail sshd\[16688\]: Invalid user smh from 37.187.19.222
Jul 24 07:30:18 mail sshd\[16688\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.187.19.222
Jul 24 07:30:20 mail sshd\[16688\]: Failed password for invalid user smh from 37.187.19.222 port 43678 ssh2
...

Jul 24 01:13:21 aat-srv002 sshd[1916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.150.172.40
Jul 24 01:13:23 aat-srv002 sshd[1916]: Failed password for invalid user a1b2c3 from 129.150.172.40 port 21747 ssh2
Jul 24 01:18:09 aat-srv002 sshd[2035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.150.172.40
Jul 24 01:18:11 aat-srv002 sshd[2035]: Failed password for invalid user phoenix from 129.150.172.40 port 47838 ssh2
...

2019-07-24T06:59:15.113434abusebot-2.cloudsearch.cf sshd\[657\]: Invalid user testftp from 91.121.136.44 port 46374

Jul 24 07:29:44 [munged] sshd[6141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.93.245.104  user=support
Jul 24 07:29:45 [munged] sshd[6141]: Failed password for support from 119.93.245.104 port 60623 ssh2

Jul 24 08:30:14 srv-4 sshd\[11626\]: Invalid user user from 189.109.247.150
Jul 24 08:30:14 srv-4 sshd\[11626\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.109.247.150
Jul 24 08:30:15 srv-4 sshd\[11626\]: Failed password for invalid user user from 189.109.247.150 port 26089 ssh2
...

Jul 24 01:23:42 aat-srv002 sshd[2205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.79.38.242
Jul 24 01:23:44 aat-srv002 sshd[2205]: Failed password for invalid user planet from 41.79.38.242 port 46446 ssh2
Jul 24 01:29:42 aat-srv002 sshd[2343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.79.38.242
Jul 24 01:29:44 aat-srv002 sshd[2343]: Failed password for invalid user kafka from 41.79.38.242 port 42252 ssh2
...

Jul 24 12:22:32 vibhu-HP-Z238-Microtower-Workstation sshd\[14650\]: Invalid user brayden from 145.239.198.218
Jul 24 12:22:32 vibhu-HP-Z238-Microtower-Workstation sshd\[14650\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=145.239.198.218
Jul 24 12:22:34 vibhu-HP-Z238-Microtower-Workstation sshd\[14650\]: Failed password for invalid user brayden from 145.239.198.218 port 50372 ssh2
Jul 24 12:26:59 vibhu-HP-Z238-Microtower-Workstation sshd\[14808\]: Invalid user thanks from 145.239.198.218
Jul 24 12:26:59 vibhu-HP-Z238-Microtower-Workstation sshd\[14808\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=145.239.198.218
...

Scanning (more than 2 packets) random ports - tries to find possible vulnerable services