NOTE PROBABLE COMMON GROUPS LayerHost, AND SERVER-31-210-22-0 country: NL, netname: SERVER-185-239-242-0 country: NL  AND RU-IPSERVER-20190206
PHISHING AND SPAM ATTACK
104.223.155.198  No More Dentist - victoria@included.top,  You need to STOP going to the dentist, 21 Jun 2021 
OrgName: 	LayerHost
NetRange:       23.247.0.0 - 23.247.127.255
NetRange:       103.73.156.0 - 103.73.156.255
NetRange:       104.148.0.0 - 104.148.127.255
NetRange:       104.223.128.0 - 104.223.255.255
NetRange:       107.179.0.0 - 107.179.127.255
NetRange:       134.73.0.0 - 134.73.255.255
NetRange:       157.52.128.0 - 157.52.255.255
Other emails from same group
23.247.53.76 Latest Bluetooth - LingoGenie@onlyhappye.bid - Multi-Language Instant Voice Translator, Wed, 5 May 2021 
23.247.53.89 Your Bone Density - notifications@getmask.biz - 5 foods that cause WEAK BONES, Thu, 6 May 2021
23.247.125.237 Bidens Secret Pills - taylor@burbositision.top -  USSR + Cold War Research + Russian Scientists = How is Trumps brain still on FIRE?, Fri, 16 Apr 2021
23.247.125.241 Trumps Secret Pills - hazel@armchair.top - Cold War USSR brain boosting nootropics uncovered. What do you think Trump..., Tue, 4 May 2021 19:19:19
103.73.156.184 Weightloss Magic - nevaeh@mopla.top, [DeleteMe] Feel good in your clothes again - Thousands are losing weight overnight Feel good in your clothes again - Thousands are losing weight overnight, Mon, 24 May 2021 
103.73.156.188 AmnesiaInducing Infection - eliana.lyons@minery.top - University study - dental bacteria & memory loss (MUST WATCH), Sun, 9 May 2021 
107.179.121.2 Live healthy - juliana@adventured.club, Weight loss breakthrough - New Strategies for melting fat Opportunity-Removed -, 19 Jun 2021

NOTE PROBABLE COMMON GROUPS LayerHost, AND SERVER-31-210-22-0 country: NL, netname: SERVER-185-239-242-0 country: NL  AND RU-IPSERVER-20190206
PHISHING AND SPAM ATTACK
104.223.155.211  Heidi at Trump for Small Businesses - claire@belve.club,  Merchants - Are your clients short on cash? We offer them financing, 23 Jun 2021 
OrgName: 	LayerHost
NetRange:       23.247.0.0 - 23.247.127.255
NetRange:       103.73.156.0 - 103.73.156.255
NetRange:       104.148.0.0 - 104.148.127.255
NetRange:       104.223.128.0 - 104.223.255.255
NetRange:       107.179.0.0 - 107.179.127.255
NetRange:       134.73.0.0 - 134.73.255.255
NetRange:       157.52.128.0 - 157.52.255.255
Other emails from same group
23.247.53.76 Latest Bluetooth - LingoGenie@onlyhappye.bid - Multi-Language Instant Voice Translator, Wed, 5 May 2021 
23.247.53.89 Your Bone Density - notifications@getmask.biz - 5 foods that cause WEAK BONES, Thu, 6 May 2021
103.73.156.184 Weightloss Magic - nevaeh@mopla.top, [DeleteMe] Feel good in your clothes again - Thousands are losing weight overnight Feel good in your clothes again - Thousands are losing weight overnight, Mon, 24 May 2021 
104.223.155.198  No More Dentist - victoria@included.top,  You need to STOP going to the dentist, 21 Jun 2021 
104.223.155.211  Heidi at Trump for Small Businesses - claire@belve.club,  Merchants - Are your clients short on cash? We offer them financing, 23 Jun 2021 
104.223.155.216 Cure Diabetes - eloise@byfoculous.top,[Until-6AM] Once in a lifetime discovery - 10% of Diabetics eventually need Amputation Once in a lifetime discovery - 10% of Diabetics eventually need Amputation, Thu, 20 May 2021 
107.179.121.2 Live healthy - juliana@adventured.club, Weight loss breakthrough - New Strategies for melting fat Opportunity-Removed -, 19 Jun 202
107.179.121.28 Save Your Family - heidi@coinmaker.club, Take 1 sip an hour before bed to boost your Growth Hormone & flatten your belly while you sleep, Wed, 26 May 2021

PHISHING ATTACK
195.133.39.135 Get Control -GetControl@shippingcontainr.us, Rioters Set to Target THESE States Next?, Thu, Fri, 21 May 2021 
inetnum:        194.59.216.0 - 194.59.217.255
inetnum:        195.133.12.0 - 195.133.15.255
inetnum:        195.133.39.0 - 195.133.39.255
netname:        Serverion
Other emails from same group
194.59.216.25  Red Lobster Opinion Requested@lostbook.us - RedLobsterShopperGiftOpportunity@lostbook.us - Congratulations! You can get a $50 Red Lobster gift card!, Sun, 16 May 2021
194.59.216.51  Battery Trick - RestorationTrick@promindbettry.us - [video] Dead Simple Trick Brings Any Battery Back To LifeBattery Trick, Wed, 19 May 2021 14:34:46
195.133.15.205 Verizon Opinion Requested - VerizonShopperFeedback@verizonx.us - BONUS: $50 VERIZON Gift Card Opportunity, Thu, 6 May 2021
195.133.15.206 LingoGenie - LingoGenie@verizonx.us - A Must Have for Your Travel and Business Meetings, Thu, 6 May 2021
195.133.15.208 Space Age - SpaceAge@prayrmiracle.us -  ,Bioenergetic Imprinting to overcome 10 years of back pain!, Sat, 15 May 2021
195.133.15.208 Space Age - SpaceAge@prayrmiracle.us - , BONUS: $50 KROGER Gift Card Opportunity, Sat, 15 May 2021
195.133.15.216 TedsWoodworking - TedsWoodworking@nerveshield.buzz -, open this..., Thu, 13 May 2021 
195.133.15.229 Diy Landscaping Designs -DiyLandscapingDesigns@urgentwood.us- Home & garden landscaping, Sun, 9 May 2021 
195.133.15.231 Easy sheds -ShedPlansInside@sonavel.us- Build sheds easily with this collection of 12,000 plans, Sun, 9 May 2021
195.133.39.132 Thank You! Pickupsavings -PickupsavingsRewardNotice@promindboost.us- CONGRATS! You Can Get $100 CVS Rewards, Thu, 20 May 2021 13:38:55 
195.133.39.135 Get Control -GetControl@shippingcontainr.us, Rioters Set to Target THESE States Next?, Thu, Fri, 21 May 2021 
195.133.39.193 Secret Leaked - SecretLeaked@droness.us - Is it possible to drop 3lbs a week just by taking a capsule a day?, Thu, 20 May 2021 10:44:48

PHISHING ATTACK
104.223.155.216 Cure Diabetes - eloise@byfoculous.top,[Until-6AM] Once in a lifetime discovery - 10% of Diabetics eventually need Amputation Once in a lifetime discovery - 10% of Diabetics eventually need Amputation, Thu, 20 May 2021 
OrgName: 	LayerHost
NetRange:       23.247.0.0 - 23.247.127.255
NetRange:       103.73.156.0 - 103.73.156.255
NetRange:       104.148.0.0 - 104.148.127.255
NetRange:       104.223.128.0 - 104.223.255.255
NetRange:       107.179.0.0 - 107.179.127.255
NetRange:       134.73.0.0 - 134.73.255.255
NetRange:       157.52.128.0 - 157.52.255.255
Other emails from same group

23.247.53.76 Latest Bluetooth - LingoGenie@onlyhappye.bid - Multi-Language Instant Voice Translator, Wed, 5 May 2021 
23.247.53.89 Your Bone Density - notifications@getmask.biz - 5 foods that cause WEAK BONES, Thu, 6 May 2021
23.247.125.237 Bidens Secret Pills - taylor@burbositision.top -  USSR + Cold War Research + Russian Scientists = How is Trumps brain still on FIRE?, Fri, 16 Apr 2021
23.247.125.241 Trumps Secret Pills - hazel@armchair.top - Cold War USSR brain boosting nootropics uncovered. What do you think Trump..., Tue, 4 May 2021 19:19:19

103.73.156.188 AmnesiaInducing Infection - eliana.lyons@minery.top - University study - dental bacteria & memory loss (MUST WATCH), Sun, 9 May 2021 

104.148.6.239 Cinnamon -iris@coliseum.top- FALSE: Fat + People + Cinnamon Bark = People + Cinnamon Tea, Thu, 15 Apr 2021
104.223.155.206 Diabetes Treatment - alaina@branizericing.top - 10% of Diabetics eventually need Amputation - Root cause of Diabetes & and how we stop it 10% of Diabetics eventually need Amputation - Root cause of Diabetes & and how we stop it [Opportunity-Removed], Tue, 18 May 2021
104.223.155.216 Cure Diabetes - eloise@byfoculous.top,[Until-6AM] Once in a lifetime discovery - 10% of Diabetics eventually need Amputation Once in a lifetime discovery - 10% of Diabetics eventually need Amputation, Thu, 20 May 2021

PHISHING ATTACK
104.223.155.206 Diabetes Treatment - alaina@branizericing.top - 10% of Diabetics eventually need Amputation - Root cause of Diabetes & and how we stop it 10% of Diabetics eventually need Amputation - Root cause of Diabetes & and how we stop it [Opportunity-Removed], Tue, 18 May 2021
OrgName: 	LayerHost
NetRange:       23.247.0.0 - 23.247.127.255
NetRange:       103.73.156.0 - 103.73.156.255
NetRange:       104.148.0.0 - 104.148.127.255
NetRange:       104.223.128.0 - 104.223.255.255
NetRange:       107.179.0.0 - 107.179.127.255
NetRange:       134.73.0.0 - 134.73.255.255
NetRange:       157.52.128.0 - 157.52.255.255
Other emails from same group
104.148.6.239 Cinnamon -iris@coliseum.top- FALSE: Fat + People + Cinnamon Bark = People + Cinnamon Tea, Thu, 15 Apr 2021
104.223.155.206 Diabetes Treatment - alaina@branizericing.top - 10% of Diabetics eventually need Amputation - Root cause of Diabetes & and how we stop it 10% of Diabetics eventually need Amputation - Root cause of Diabetes & and how we stop it [Opportunity-Removed], Tue, 18 May 2021

107.179.121.6   60 sec Prostate cure -juniper@inusintering.top-  -sydney@zapster.top- [Until-6AM] Heart health … Prostate health: A unique partnership - Prostate Health: Know the Facts Heart health … Prostate health: A unique partnership - Prostate Health: Know the Facts [90Sec-Video], Fri, 14 May 2021
107.179.127.158 Biden Brain Hacks - eden@dard.top - Russians developed secret brain enhancement drugs during the USSR. Now college kids..., Sun, 2 May 2021

134.73.88.85 Alexandria Crandall - alexandria.crandall@ackbrogrum.top - [DeleteMe] Once in a lifetime discovery - Shed 30lbs in 4 weeks with no exercise or diet fads Once in a lifetime discovery - Shed 30lbs in 4 weeks with no exercise or diet fads, Fri, 14 May 2021
134.73.88.80   Dentist Saver -arya@aritionated.top- Rebuild Your Teeth and Gums (And Get Rid of Tooth Decay), Sat, 15 May 2021

Spam

TCP Port: 25 _    invalid blocked  dnsbl-sorbs also abuseat-org _  _  _ _ (695)

185.244.25.184 - - [20/Sep/2019:13:16:51 +0400] "POST /GponForm/diag_Form?style/ HTTP/1.1" 404 7724 "-" "curl/7.3.2"
...

Honeypot hit.

Invalid user wk from 104.248.242.125 port 45748

Honeypot attack, port: 81, PTR: mvx-177-124-217-170.mundivox.com.

Sep 19 23:12:30 hanapaa sshd\[2543\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.53.210.45  user=root
Sep 19 23:12:32 hanapaa sshd\[2543\]: Failed password for root from 84.53.210.45 port 15037 ssh2
Sep 19 23:17:04 hanapaa sshd\[2953\]: Invalid user webmail from 84.53.210.45
Sep 19 23:17:04 hanapaa sshd\[2953\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.53.210.45
Sep 19 23:17:06 hanapaa sshd\[2953\]: Failed password for invalid user webmail from 84.53.210.45 port 4559 ssh2

Sep 19 16:02:22 hanapaa sshd\[25976\]: Invalid user ataque from 111.231.203.94
Sep 19 16:02:22 hanapaa sshd\[25976\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.231.203.94
Sep 19 16:02:25 hanapaa sshd\[25976\]: Failed password for invalid user ataque from 111.231.203.94 port 55210 ssh2
Sep 19 16:05:44 hanapaa sshd\[26231\]: Invalid user josemaria from 111.231.203.94
Sep 19 16:05:44 hanapaa sshd\[26231\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.231.203.94

Telnet Server BruteForce Attack

Sep 20 11:28:35 markkoudstaal sshd[26747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.38.231.249
Sep 20 11:28:37 markkoudstaal sshd[26747]: Failed password for invalid user ubuntu from 51.38.231.249 port 52942 ssh2
Sep 20 11:32:29 markkoudstaal sshd[27122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.38.231.249

php WP PHPmyadamin ABUSE blocked for 12h

\[2019-09-20 04:53:20\] NOTICE\[2270\] chan_sip.c: Registration from '\' failed for '77.247.110.199:64407' - Wrong password
\[2019-09-20 04:53:20\] SECURITY\[2283\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-09-20T04:53:20.122-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="52000041",SessionID="0x7fcd8c1615d8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/77.247.110.199/64407",Challenge="037532a7",ReceivedChallenge="037532a7",ReceivedHash="b9492f6dbe903053d3b72f876d7944df"
\[2019-09-20 04:53:20\] NOTICE\[2270\] chan_sip.c: Registration from '\' failed for '77.247.110.199:61230' - Wrong password
\[2019-09-20 04:53:20\] SECURITY\[2283\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-09-20T04:53:20.438-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="52000041",SessionID="0x7fcd8c0e1918",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/77.247

Admin Joomla Attack

Sep 20 08:17:10 XXXXXX sshd[8188]: Invalid user pra from 218.1.18.78 port 34154

Automatic report - Port Scan Attack

Sep 19 16:05:03 sachi sshd\[4441\]: Invalid user badur from 31.30.91.115
Sep 19 16:05:03 sachi sshd\[4441\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=cst2-91-115.cust.vodafone.cz
Sep 19 16:05:06 sachi sshd\[4441\]: Failed password for invalid user badur from 31.30.91.115 port 37168 ssh2
Sep 19 16:09:47 sachi sshd\[4922\]: Invalid user trendimsa1.0 from 31.30.91.115
Sep 19 16:09:47 sachi sshd\[4922\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=cst2-91-115.cust.vodafone.cz