\[May  6 22:37:45\] NOTICE\[2019\] chan_sip.c: Registration from '"2005" \' failed for '103.145.12.58:5344' - Wrong password
\[May  6 22:37:45\] NOTICE\[2019\] chan_sip.c: Registration from '"2005" \' failed for '103.145.12.58:5344' - Wrong password
\[May  6 22:37:45\] NOTICE\[2019\] chan_sip.c: Registration from '"2005" \' failed for '103.145.12.58:5344' - Wrong password
\[May  6 22:37:45\] NOTICE\[2019\] chan_sip.c: Registration from '"2005" \' failed for '103.145.12.58:5344' - Wrong password
\[May  6 22:37:45\] NOTICE\[2019\] chan_sip.c: Registration from '"2005" \' failed for '103.145.12.58:5344' - Wrong password
\[May  6 22:37:45\] NOTICE\[2019\] chan_sip.c: Registration from '"2005" \' failed for '103.145.12.58:5344' - Wrong password
\[May  6 22:37:45\] NOTICE\[2019\] chan_sip.c: Registration from '"20
...

[2020-05-06 07:34:26] NOTICE[1157] chan_sip.c: Registration from '"2002" ' failed for '103.145.12.58:5224' - Wrong password
[2020-05-06 07:34:26] SECURITY[1173] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-05-06T07:34:26.667-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="2002",SessionID="0x7f5f100266a8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/103.145.12.58/5224",Challenge="181ca8e0",ReceivedChallenge="181ca8e0",ReceivedHash="f5d2f28f656fa5c652ea687211ad73c0"
[2020-05-06 07:34:26] NOTICE[1157] chan_sip.c: Registration from '"2002" ' failed for '103.145.12.58:5224' - Wrong password
[2020-05-06 07:34:26] SECURITY[1173] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-05-06T07:34:26.773-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="2002",SessionID="0x7f5f10613848",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/10
...

firewall-block, port(s): 5060/udp

VoIP Brute Force - 103.145.12.228 - Auto Report
...

VoIP Brute Force - 103.145.12.228 - Auto Report
...

[2020-10-03 19:40:53] NOTICE[1182][C-00000d42] chan_sip.c: Call from '' (103.145.12.227:58963) to extension '0046812111802' rejected because extension not found in context 'public'.
[2020-10-03 19:40:53] SECURITY[1204] res_security_log.c: SecurityEvent="FailedACL",EventTV="2020-10-03T19:40:53.670-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="0046812111802",SessionID="0x7f22f8572958",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/103.145.12.227/58963",ACLName="no_extension_match"
[2020-10-03 19:41:59] NOTICE[1182][C-00000d43] chan_sip.c: Call from '' (103.145.12.227:57346) to extension '90046812111802' rejected because extension not found in context 'public'.
[2020-10-03 19:41:59] SECURITY[1204] res_security_log.c: SecurityEvent="FailedACL",EventTV="2020-10-03T19:41:59.743-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="90046812111802",SessionID="0x7f22f83b6678",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/103
...

[2020-10-03 12:24:04] NOTICE[1182][C-00000b6d] chan_sip.c: Call from '' (103.145.12.227:58599) to extension '90046812111802' rejected because extension not found in context 'public'.
[2020-10-03 12:24:04] SECURITY[1204] res_security_log.c: SecurityEvent="FailedACL",EventTV="2020-10-03T12:24:04.770-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="90046812111802",SessionID="0x7f22f8572958",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/103.145.12.227/58599",ACLName="no_extension_match"
[2020-10-03 12:27:20] NOTICE[1182][C-00000b71] chan_sip.c: Call from '' (103.145.12.227:52542) to extension '01146812111802' rejected because extension not found in context 'public'.
...

[2020-10-02 18:57:04] NOTICE[1182][C-000006fa] chan_sip.c: Call from '' (103.145.12.227:54771) to extension '801146812111458' rejected because extension not found in context 'public'.
[2020-10-02 18:57:04] SECURITY[1204] res_security_log.c: SecurityEvent="FailedACL",EventTV="2020-10-02T18:57:04.023-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="801146812111458",SessionID="0x7f22f8418138",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/103.145.12.227/54771",ACLName="no_extension_match"
[2020-10-02 18:57:38] NOTICE[1182][C-000006fb] chan_sip.c: Call from '' (103.145.12.227:58701) to extension '0046812111458' rejected because extension not found in context 'public'.
[2020-10-02 18:57:38] SECURITY[1204] res_security_log.c: SecurityEvent="FailedACL",EventTV="2020-10-02T18:57:38.818-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="0046812111458",SessionID="0x7f22f8418138",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/1
...

Port scan denied

Port scan denied

[2020-09-24 19:43:06] NOTICE[1159][C-000014a4] chan_sip.c: Call from '' (103.145.12.227:50812) to extension '01146812410910' rejected because extension not found in context 'public'.
[2020-09-24 19:43:06] SECURITY[1198] res_security_log.c: SecurityEvent="FailedACL",EventTV="2020-09-24T19:43:06.869-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="01146812410910",SessionID="0x7fcaa02d7a38",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/103.145.12.227/50812",ACLName="no_extension_match"
[2020-09-24 19:45:13] NOTICE[1159][C-000014a7] chan_sip.c: Call from '' (103.145.12.227:52024) to extension '901146812410910' rejected because extension not found in context 'public'.
[2020-09-24 19:45:13] SECURITY[1198] res_security_log.c: SecurityEvent="FailedACL",EventTV="2020-09-24T19:45:13.790-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="901146812410910",SessionID="0x7fcaa0022038",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP
...

[2020-09-20 09:58:24] NOTICE[1239][C-000059e9] chan_sip.c: Call from '' (103.145.12.227:57874) to extension '01146812410910' rejected because extension not found in context 'public'.
[2020-09-20 09:58:24] SECURITY[1264] res_security_log.c: SecurityEvent="FailedACL",EventTV="2020-09-20T09:58:24.645-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="01146812410910",SessionID="0x7f4d48338208",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/103.145.12.227/57874",ACLName="no_extension_match"
[2020-09-20 10:00:07] NOTICE[1239][C-000059ec] chan_sip.c: Call from '' (103.145.12.227:64684) to extension '901146812410910' rejected because extension not found in context 'public'.
[2020-09-20 10:00:07] SECURITY[1264] res_security_log.c: SecurityEvent="FailedACL",EventTV="2020-09-20T10:00:07.232-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="901146812410910",SessionID="0x7f4d482f9458",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP
...

[2020-09-20 01:54:12] NOTICE[1239][C-0000581f] chan_sip.c: Call from '' (103.145.12.227:63639) to extension '01146812410910' rejected because extension not found in context 'public'.
[2020-09-20 01:54:12] SECURITY[1264] res_security_log.c: SecurityEvent="FailedACL",EventTV="2020-09-20T01:54:12.827-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="01146812410910",SessionID="0x7f4d48423e18",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/103.145.12.227/63639",ACLName="no_extension_match"
[2020-09-20 01:55:49] NOTICE[1239][C-00005821] chan_sip.c: Call from '' (103.145.12.227:55335) to extension '901146812410910' rejected because extension not found in context 'public'.
...

[2020-09-19 18:04:26] NOTICE[1239][C-000055a3] chan_sip.c: Call from '' (103.145.12.227:58137) to extension '01146812410910' rejected because extension not found in context 'public'.
[2020-09-19 18:04:26] SECURITY[1264] res_security_log.c: SecurityEvent="FailedACL",EventTV="2020-09-19T18:04:26.594-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="01146812410910",SessionID="0x7f4d48488fa8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/103.145.12.227/58137",ACLName="no_extension_match"
[2020-09-19 18:06:09] NOTICE[1239][C-000055a5] chan_sip.c: Call from '' (103.145.12.227:52418) to extension '901146812410910' rejected because extension not found in context 'public'.
[2020-09-19 18:06:09] SECURITY[1264] res_security_log.c: SecurityEvent="FailedACL",EventTV="2020-09-19T18:06:09.567-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="901146812410910",SessionID="0x7f4d48488fa8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP
...

SIP scanner

SIP scanner

SIP scanner

[2020-09-15 14:20:34] NOTICE[1239][C-000041fa] chan_sip.c: Call from '' (103.145.12.227:57394) to extension '901146812410910' rejected because extension not found in context 'public'.
[2020-09-15 14:20:34] SECURITY[1264] res_security_log.c: SecurityEvent="FailedACL",EventTV="2020-09-15T14:20:34.855-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="901146812410910",SessionID="0x7f4d482e4338",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/103.145.12.227/57394",ACLName="no_extension_match"
[2020-09-15 14:22:18] NOTICE[1239][C-000041fd] chan_sip.c: Call from '' (103.145.12.227:63659) to extension '801146812410910' rejected because extension not found in context 'public'.
...

"$f2bV_matches"

Aug 24 20:06:23 vps46666688 sshd[29955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.155.209.51
Aug 24 20:06:25 vps46666688 sshd[29955]: Failed password for invalid user postgres from 61.155.209.51 port 44127 ssh2
...

Aug 24 23:32:36 eventyay sshd[13069]: Failed password for root from 119.29.16.190 port 52360 ssh2
Aug 24 23:34:44 eventyay sshd[13171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.29.16.190
Aug 24 23:34:46 eventyay sshd[13171]: Failed password for invalid user nagios from 119.29.16.190 port 42778 ssh2
...

2020-08-25T00:24:14.666844cyberdyne sshd[718060]: Failed password for invalid user hn from 188.166.23.215 port 46354 ssh2
2020-08-25T00:27:29.961385cyberdyne sshd[718868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.23.215  user=root
2020-08-25T00:27:32.551896cyberdyne sshd[718868]: Failed password for root from 188.166.23.215 port 53684 ssh2
2020-08-25T00:30:56.205796cyberdyne sshd[719696]: Invalid user torus from 188.166.23.215 port 32786
...

Aug 25 01:15:54 localhost sshd\[17577\]: Invalid user admin from 141.98.9.161
Aug 25 01:15:54 localhost sshd\[17577\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.9.161
Aug 25 01:15:56 localhost sshd\[17577\]: Failed password for invalid user admin from 141.98.9.161 port 39549 ssh2
Aug 25 01:16:16 localhost sshd\[17607\]: Invalid user ubnt from 141.98.9.161
Aug 25 01:16:16 localhost sshd\[17607\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.9.161
...

Invalid user otk from 103.110.84.196 port 46632

2020-08-25 01:48:26 auth_plain authenticator failed for (User) [212.70.149.36]: 535 Incorrect authentication data (set_id=sti@lavrinenko.info)
2020-08-25 01:48:43 auth_plain authenticator failed for (User) [212.70.149.36]: 535 Incorrect authentication data (set_id=stg2@lavrinenko.info)
...

$f2bV_matches

Aug 25 01:14:38 vm0 sshd[32699]: Failed password for root from 222.186.175.167 port 33992 ssh2
Aug 25 01:14:51 vm0 sshd[32699]: error: maximum authentication attempts exceeded for root from 222.186.175.167 port 33992 ssh2 [preauth]
...

sshd jail - ssh hack attempt

2020-08-24 17:42:27.332626-0500  localhost sshd[39792]: Failed password for root from 104.248.28.42 port 58260 ssh2

Aug 24 23:52:12 h2779839 sshd[3628]: Invalid user steam from 128.199.85.141 port 55004
Aug 24 23:52:12 h2779839 sshd[3628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.85.141
Aug 24 23:52:12 h2779839 sshd[3628]: Invalid user steam from 128.199.85.141 port 55004
Aug 24 23:52:14 h2779839 sshd[3628]: Failed password for invalid user steam from 128.199.85.141 port 55004 ssh2
Aug 24 23:56:47 h2779839 sshd[3823]: Invalid user rst from 128.199.85.141 port 34206
Aug 24 23:56:47 h2779839 sshd[3823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.85.141
Aug 24 23:56:47 h2779839 sshd[3823]: Invalid user rst from 128.199.85.141 port 34206
Aug 24 23:56:49 h2779839 sshd[3823]: Failed password for invalid user rst from 128.199.85.141 port 34206 ssh2
Aug 25 00:01:14 h2779839 sshd[4106]: Invalid user cathy from 128.199.85.141 port 41640
...

Aug 24 22:13:23 vps639187 sshd\[12987\]: Invalid user pi from 79.146.130.85 port 34828
Aug 24 22:13:23 vps639187 sshd\[12987\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.146.130.85
Aug 24 22:13:23 vps639187 sshd\[12989\]: Invalid user pi from 79.146.130.85 port 34830
Aug 24 22:13:23 vps639187 sshd\[12989\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.146.130.85
...

Aug 24 21:12:53 server1 dovecot: auth-worker(3092): sql(test@nn04.org,173.236.136.70,<2tooNqWt7Kut7IhG>): unknown user
Aug 24 21:12:55 server1 dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=173.236.136.70, lip=192.168.1.200, session=<2tooNqWt7Kut7IhG>
Aug 24 21:12:59 server1 dovecot: auth-worker(3092): sql(test@nn04.org,173.236.136.70,): unknown user
Aug 24 21:13:01 server1 dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 6 secs): user=, method=PLAIN, rip=173.236.136.70, lip=192.168.1.200, session=
Aug 24 21:13:09 server1 dovecot: auth-worker(3092): sql(test@nn04.org,173.236.136.70,): unknown user

2020-08-2422:14:001kAIqt-0005O0-M5\<=simone@gedacom.chH=\(localhost\)[119.53.149.66]:45943P=esmtpsaX=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256CV=noA=dovecot_login:simone@gedacom.chS=1917id=7F7ACC9F94406EDD01044DF531CC1910@gedacom.chT="Desiretoexploreyou"fortonysager18@gmail.com2020-08-2422:13:131kAIq8-0005Kr-I9\<=simone@gedacom.chH=\(localhost\)[123.21.10.120]:44977P=esmtpsaX=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256CV=noA=dovecot_login:simone@gedacom.chS=3975id=85bbd08388a3767a5d18aefd09ce34383369825d@gedacom.chT="\\360\\237\\215\\212\\360\\237\\221\\221\\360\\237\\215\\221\\360\\237\\214\\212Seekingoutyourhometownchicks\?"forvhhhhh@gfg.comjazz.bramble96@gmail.com2020-08-2422:13:381kAIqX-0005N9-2t\<=simone@gedacom.chH=\(localhost\)[36.152.127.130]:39232P=esmtpsaX=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256CV=noA=dovecot_login:simone@gedacom.chS=1970id=202593C0CB1F31825E5B12AA6E9E8194@gedacom.chT="Onlyneedjustabitofyourattention"forbyronseabern@gmail.com2020-08-2422:13:071kAIq2-0005Jk-Ae\<=simone@gedacom.chH=\(loc