Sep 13 08:22:02 mail.srvfarm.net postfix/smtpd[1001726]: NOQUEUE: reject: RCPT from unknown[195.62.32.221]: 450 4.7.1 : Helo command rejected: Host not found; from= to= proto=ESMTP helo=
Sep 13 08:22:02 mail.srvfarm.net postfix/smtpd[1001726]: NOQUEUE: reject: RCPT from unknown[195.62.32.221]: 450 4.7.1 : Helo command rejected: Host not found; from= to= proto=ESMTP helo=
Sep 13 08:27:02 mail.srvfarm.net postfix/smtpd[1001562]: NOQUEUE: reject: RCPT from unknown[195.62.32.221]: 450 4.7.1 : Helo command rejected: Host not found; from= to= proto=ESMTP helo=
Sep 13 08:27:02 mail.srvfarm.net postfix/smtpd[1001562]: NOQUEUE: reject: RCPT from unknown[195.62.32.221]: 450 4.7.1 : Helo command rejected: Host not foun

Sep 13 08:22:02 mail.srvfarm.net postfix/smtpd[1001726]: NOQUEUE: reject: RCPT from unknown[195.62.32.221]: 450 4.7.1 : Helo command rejected: Host not found; from= to= proto=ESMTP helo=
Sep 13 08:22:02 mail.srvfarm.net postfix/smtpd[1001726]: NOQUEUE: reject: RCPT from unknown[195.62.32.221]: 450 4.7.1 : Helo command rejected: Host not found; from= to= proto=ESMTP helo=
Sep 13 08:27:02 mail.srvfarm.net postfix/smtpd[1001562]: NOQUEUE: reject: RCPT from unknown[195.62.32.221]: 450 4.7.1 : Helo command rejected: Host not found; from= to= proto=ESMTP helo=
Sep 13 08:27:02 mail.srvfarm.net postfix/smtpd[1001562]: NOQUEUE: reject: RCPT from unknown[195.62.32.221]: 450 4.7.1 : Helo command rejected: Host not foun

PHISHING AND SPAM ATTACK
GROUP USES LayerHost, IP SERVER LLC, Root Networks LLC, Serverion BV, XSServer GmbH, Xervers, Colocrossing
31.210.22.63	Dental Health Issues? - DentalHealthIssues@leadentox.us, This formula is support your healthy teeth, keeping them strong and your breath fresh, 3 Jul 2021 
157.52.177.152	Want Free HD TV? - WantFreeHDTV@antennaology.co, A new product you won’t pass on, 3 Jul 2021
157.52.177.155	Car Warranty - ChoiceAutoWarranty@monsterfx.co, Spread some Holiday Cheer and Never have to Pay for Another Repair!, 3 Jul 2021
195.62.32.81	Stop Cold Sores - RemoveHerpesForever@herpitch.co, Herpes Virus Killer Founds Inside Left Brain, 3 Jul 2021
195.62.32.129	Nanolon Fiber - NanolonFiber@massivemalez.us, Your paper towel is poisoning our environment..., 3 Jul 2021
198.12.127.171 	Life Extension - tony@gmail.com, Kidney dialysis: When is it time to stop?, 3 Jul 2021
OrgName: 	LayerHost, AND SERVER-31-210-22-0 country: NL, netname: SERVER-185-239-242-0 country: NL  AND RU-IPSERVER-20190206, Serverion
NetRange:       31.210.22.0 - 31.210.23.255	org-name:       Serverion BV
NetRange:       157.52.128.0 - 157.52.255.255	OrgName:        LayerHost
NetRange:       185.239.242.0 - 185.239.242.255	org-name:       Serverion BV
inetnum:        194.59.216.0 - 194.59.217.255	org-name:       Serverion BV
inetnum:        195.62.32.0 - 195.62.33.255	org-name:       XSServer GmbH
inetnum:        195.133.12.0 - 195.133.15.255   netname:        Xervers
inetnum:        195.133.39.0 - 195.133.39.255	org-name:       Serverion BV
NetRange:       198.12.64.0 - 198.12.127.255	OrgName:        ColoCrossing

PHISHING ATTACK
195.62.32.183 The First 72 Hours - TheFirst72Hours@divinelockx.us - Did Costco Just Try and CRUSH Conservatives?, Sun, 16 May 2021
inetnum:        195.62.32.0 - 195.62.33.255
org-name:       XSServer GmbH
Other emails from same group
195.62.32.65 Vaccine Survey -CovidSurvey@eyefloters.buzz- COVID-19 vaccine research survey, Sat, 15 May 2021 
195.62.32.183 The First 72 Hours - TheFirst72Hours@divinelockx.us - Did Costco Just Try and CRUSH Conservatives?, Sun, 16 May 2021

195.62.32.65 Vaccine Survey -CovidSurvey@eyefloters.buzz- COVID-19 vaccine research survey, Sat, 15 May 2021
inetnum:        195.62.32.0 - 195.62.33.255
org-name:       XSServer GmbH

PHISHING ATTACK
Transparent Face Visor - ClearShield@sugartonic.icu : 
"Wear the Mouth Visor and smile freely!" :
from [195.62.32.23] (port=55637 helo=nate.sugartonic.icu)  :
Thu, 31 Dec 2020 00:28:31 +1100

PHISHING ATTACK
Meet Ultrazoom  : 
"Super Telephoto Zoom Monocular Telescope" :
from [195.62.32.21] (port=49191 helo=yoke.bloodpressure.buzz) :
Wed, 30 Dec 2020 22:04:26 +1100

PHISHING ATTACK
Magical Sandals : 
"Wear these Sandals and pain is gone.":
from [195.62.32.179] (port=33498 helo=ping.shinehead.bid):
Sat, 26 Dec 2020 22:49:08 +1100

Holiday Sale  : The low energy heater : 
from [195.62.32.173] (port=54745 helo=irene.woodsworking.co) :
Sun, 27 Dec 2020 01:04:41 +1100

multiple daily spam from:195.62.32.154/195.62.32.173

multiple daily email spam from:195.62.32.173/195.62.32.154/195.62.32.176/

Sep 12 22:41:49 web01.agentur-b-2.de postfix/smtpd[2309467]: NOQUEUE: reject: RCPT from unknown[195.62.32.227]: 450 4.7.1 : Helo command rejected: Host not found; from= to= proto=ESMTP helo=
Sep 12 22:41:49 web01.agentur-b-2.de postfix/smtpd[2309467]: NOQUEUE: reject: RCPT from unknown[195.62.32.227]: 450 4.7.1 : Helo command rejected: Host not found; from= to= proto=ESMTP helo=
Sep 12 22:41:52 web01.agentur-b-2.de postfix/smtpd[2330232]: NOQUEUE: reject: RCPT from unknown[195.62.32.227]: 450 4.7.1 : Helo command rejected: Host not found; from= to= proto=ESMTP helo=
Sep 12 22:46:50 web01.agentur-b-2.de postfix/smtpd[2330232]: NOQUEUE: reject: RCPT from unknown[195.62.32.227]: 450 4.7.1 : Helo comman

Sep 12 22:41:49 web01.agentur-b-2.de postfix/smtpd[2309467]: NOQUEUE: reject: RCPT from unknown[195.62.32.227]: 450 4.7.1 : Helo command rejected: Host not found; from= to= proto=ESMTP helo=
Sep 12 22:41:49 web01.agentur-b-2.de postfix/smtpd[2309467]: NOQUEUE: reject: RCPT from unknown[195.62.32.227]: 450 4.7.1 : Helo command rejected: Host not found; from= to= proto=ESMTP helo=
Sep 12 22:41:52 web01.agentur-b-2.de postfix/smtpd[2330232]: NOQUEUE: reject: RCPT from unknown[195.62.32.227]: 450 4.7.1 : Helo command rejected: Host not found; from= to= proto=ESMTP helo=
Sep 12 22:46:50 web01.agentur-b-2.de postfix/smtpd[2330232]: NOQUEUE: reject: RCPT from unknown[195.62.32.227]: 450 4.7.1 : Helo comman

mutliple daily email spam from:<17_116639-_17@nor.nosathe.de>

Daily mutiple spam  

Daily spam 

\[May  7 23:01:22\] NOTICE\[2019\] chan_sip.c: Registration from '\' failed for '195.62.32.50:57986' - Wrong password
\[May  7 23:02:14\] NOTICE\[2019\] chan_sip.c: Registration from '\' failed for '195.62.32.50:50409' - Wrong password
\[May  7 23:03:56\] NOTICE\[2019\] chan_sip.c: Registration from '\' failed for '195.62.32.50:51522' - Wrong password
\[May  7 23:04:52\] NOTICE\[2019\] chan_sip.c: Registration from '\' failed for '195.62.32.50:60697' - Wrong password
\[May  7 23:05:46\] NOTICE\[2019\] chan_sip.c: Registration from '\' failed for '195.62.32.50:53545' - Wrong password
\[May  7 23:06:39\] NOTICE\[2019\] chan_sip.c: Registration from '\' failed for '195.62.32.50:62449' - Wrong password
\[May  7 23:07:33\] NOTICE\[2019\] chan_sip.c: Registration from '\' failed for '19
...

May 19 11:30:51 vserver sshd\[21969\]: Invalid user lxd from 95.167.225.85May 19 11:30:53 vserver sshd\[21969\]: Failed password for invalid user lxd from 95.167.225.85 port 33782 ssh2May 19 11:36:46 vserver sshd\[22066\]: Invalid user srd from 95.167.225.85May 19 11:36:48 vserver sshd\[22066\]: Failed password for invalid user srd from 95.167.225.85 port 35036 ssh2
...

WordPress user registration, really-simple-captcha js check bypass

May 19 19:32:24 onepixel sshd[340101]: Invalid user dye from 176.194.189.39 port 39952
May 19 19:32:24 onepixel sshd[340101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.194.189.39 
May 19 19:32:24 onepixel sshd[340101]: Invalid user dye from 176.194.189.39 port 39952
May 19 19:32:26 onepixel sshd[340101]: Failed password for invalid user dye from 176.194.189.39 port 39952 ssh2
May 19 19:36:22 onepixel sshd[340627]: Invalid user tjz from 176.194.189.39 port 57748

2020-05-19T17:19:20.039180abusebot.cloudsearch.cf sshd[23071]: Invalid user bye from 129.28.162.182 port 48024
2020-05-19T17:19:20.044408abusebot.cloudsearch.cf sshd[23071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.28.162.182
2020-05-19T17:19:20.039180abusebot.cloudsearch.cf sshd[23071]: Invalid user bye from 129.28.162.182 port 48024
2020-05-19T17:19:22.544728abusebot.cloudsearch.cf sshd[23071]: Failed password for invalid user bye from 129.28.162.182 port 48024 ssh2
2020-05-19T17:22:08.041273abusebot.cloudsearch.cf sshd[23263]: Invalid user alc from 129.28.162.182 port 45010
2020-05-19T17:22:08.046868abusebot.cloudsearch.cf sshd[23263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.28.162.182
2020-05-19T17:22:08.041273abusebot.cloudsearch.cf sshd[23263]: Invalid user alc from 129.28.162.182 port 45010
2020-05-19T17:22:10.276386abusebot.cloudsearch.cf sshd[23263]: Failed password for inval
...

22/tcp 22/tcp 22/tcp...
[2020-04-09/05-19]4pkt,1pt.(tcp)

port scan and connect, tcp 1433 (ms-sql-s)

xmlrpc attack

May 19 20:01:11 game-panel sshd[16496]: Failed password for root from 222.186.175.154 port 38872 ssh2
May 19 20:01:15 game-panel sshd[16496]: Failed password for root from 222.186.175.154 port 38872 ssh2
May 19 20:01:17 game-panel sshd[16496]: Failed password for root from 222.186.175.154 port 38872 ssh2
May 19 20:01:24 game-panel sshd[16496]: error: maximum authentication attempts exceeded for root from 222.186.175.154 port 38872 ssh2 [preauth]

Port scan(s) [2 denied]

"Unauthorized connection attempt on SSHD detected"

Lines containing failures of 95.154.192.121
May 19 10:59:13 icinga sshd[3089]: Connection closed by 95.154.192.121 port 60169 [preauth]
May 19 11:53:08 icinga sshd[17767]: Invalid user user from 95.154.192.121 port 60169
May 19 11:53:08 icinga sshd[17767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.154.192.121
May 19 11:53:10 icinga sshd[17767]: Failed password for invalid user user from 95.154.192.121 port 60169 ssh2
May 19 11:53:10 icinga sshd[17767]: Connection closed by invalid user user 95.154.192.121 port 60169 [preauth]
May 19 12:46:59 icinga sshd[32410]: Connection closed by 95.154.192.121 port 60169 [preauth]
May 19 13:40:51 icinga sshd[14733]: Connection closed by 95.154.192.121 port 60169 [preauth]
May 19 14:36:07 icinga sshd[29756]: Connection closed by 95.154.192.121 port 60169 [preauth]
May 19 15:33:05 icinga sshd[13115]: Connection closed by 95.154.192.121 port 60169 [preauth]
May 19 16:27:41 icinga sshd[2816........
------------------------------

May 19 21:02:07 server sshd[39559]: Failed password for invalid user xjh from 159.65.13.233 port 45944 ssh2
May 19 21:05:48 server sshd[42271]: Failed password for invalid user cip from 159.65.13.233 port 51704 ssh2
May 19 21:09:37 server sshd[45294]: Failed password for invalid user gpg from 159.65.13.233 port 57464 ssh2

Portscan - Unauthorized connection attempt

May 19 19:42:09 vpn01 sshd[29511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.79.44.52
May 19 19:42:11 vpn01 sshd[29511]: Failed password for invalid user sga from 51.79.44.52 port 38276 ssh2
...

May 19 21:45:59 plex sshd[8174]: Invalid user uxi from 168.194.162.200 port 18400
May 19 21:45:59 plex sshd[8174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.194.162.200
May 19 21:45:59 plex sshd[8174]: Invalid user uxi from 168.194.162.200 port 18400
May 19 21:46:02 plex sshd[8174]: Failed password for invalid user uxi from 168.194.162.200 port 18400 ssh2
May 19 21:49:57 plex sshd[8296]: Invalid user tjl from 168.194.162.200 port 31786