for user smmsp by (uid=0)
Oct 12 02:20:01 ip-172-31-29-215 CRON[3985040]: pam_unix(cron:session): session closed for user smmsp
Oct 12 02:39:01 ip-172-31-29-215 CRON[3985078]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 12 02:39:01 ip-172-31-29-215 CRON[3985078]: pam_unix(cron:session): session closed for user root
Oct 12 02:40:01 ip-172-31-29-215 CRON[3985133]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Oct 12 02:40:01 ip-172-31-29-215 CRON[3985133]: pam_unix(cron:session): session closed for user smmsp
Oct 12 02:55:53 ip-172-31-29-215 sshd[3985165]: Received disconnect from 104.28.214.49 port 35534:11: Bye Bye [preauth]
Oct 12 02:55:53 ip-172-31-29-215 sshd[3985165]: Disconnected from authenticating user root 104.28.214.49 port 35534 [preauth]
Oct 12 02:57:24 ip-172-31-29-215 sshd[3985168]: Invalid user neolinux from 104.28.246.49 port 52523
Oct 12 02:57:25 ip-172-31-29-215 sshd[3985168]: Received disconnect from 104.28.246.49 port 52523:11: Bye Bye [preauth]
Oct 12 02:57:25 ip-172-31-29-215 sshd[3985168]: Disconnected from invalid user neolinux 104.28.246.49 port 52523 [preauth]
Oct 12 02:58:13 ip-172-31-29-215 sshd[3985171]: Invalid user minikube from 104.28.246.49 port 48293
Oct 12 02:58:13 ip-172-31-29-215 sshd[3985171]: Received disconnect from 104.28.246.49 port 48293:11: Bye Bye [preauth]
Oct 12 02:58:13 ip-172-31-29-215 sshd[3985171]: Disconnected from invalid user minikube 104.28.246.49 port 48293 [preauth]
Oct 12 02:59:58 ip-172-31-29-215 sshd[3985176]: Invalid user pagano from 104.28.246.49 port 33983
Oct 12 02:59:58 ip-172-31-29-215 sshd[3985176]: Received disconnect from 104.28.246.49 port 33983:11: Bye Bye [preauth]
Oct 12 02:59:58 ip-172-31-29-215 sshd[3985176]: Disconnected from invalid user pagano 104.28.246.49 port 33983 [preauth]
Oct 12 03:00:01 ip-172-31-29-215 CRON[3985178]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Oct 12 03:00:01 ip-172-31-29-215 CRON[3985178]: pam_unix(cron:session): session closed for user smmsp
Oct 12 03:02:32 ip-172-31-29-215 sshd[3985200]: Invalid user techuser from 104.28.214.49 port 50377
Oct 12 03:02:32 ip-172-31-29-215 sshd[3985200]: Received disconnect from 104.28.214.49 port 50377:11: Bye Bye [preauth]
Oct 12 03:02:32 ip-172-31-29-215 sshd[3985200]: Disconnected from invalid user techuser 104.28.214.49 port 50377 [preauth]
Oct 12 03:04:09 ip-172-31-29-215 sshd[3985202]: Received disconnect from 41.59.229.33 port 57982:11: Bye Bye [preauth]
Oct 12 03:04:09 ip-172-31-29-215 sshd[3985202]: Disconnected from authenticating user root 41.59.229.33 port 57982 [preauth]
Oct 12 03:04:13 ip-172-31-29-215 sshd[3985204]: Invalid user web from 104.28.246.49 port 26881
Oct 12 03:04:13 ip-172-31-29-215 sshd[3985204]: Received disconnect from 104.28.246.49 port 26881:11: Bye Bye [preauth]
Oct 12 03:04:13 ip-172-31-29-215 sshd[3985204]: Disconnected from invalid user web 104.28.246.49 port 26881 [preauth]
Oct 12 03:05:05 ip-172-31-29-215 sshd[3985208]: Received disconnect from 104.28.214.49 port 24746:11: Bye Bye [preauth]
Oct 12 03:05:05 ip-172-31-29-215 sshd[3985208]: Disconnected from authenticating user root 104.28.214.49 port 24746 [preauth]
Oct 12 03:05:58 ip-172-31-29-215 sshd[3985210]: Invalid user puneet from 104.28.246.49 port 56490
Oct 12 03:05:58 ip-172-31-29-215 sshd[3985210]: Received disconnect from 104.28.246.49 port 56490:11: Bye Bye [preauth]
Oct 12 03:05:58 ip-172-31-29-215 sshd[3985210]: Disconnected from invalid user puneet 104.28.246.49 port 56490 [preauth]
Oct 12 03:06:55 ip-172-31-29-215 sshd[3985212]: Invalid user solutec from 154.221.29.120 port 34984
Oct 12 03:06:55 ip-172-31-29-215 sshd[3985212]: Received disconnect from 154.221.29.120 port 34984:11: Bye Bye [preauth]
Oct 12 03:06:55 ip-172-31-29-215 sshd[3985212]: Disconnected from invalid user solutec 154.221.29.120 port 34984 [preauth]
Oct 12 03:07:12 ip-172-31-29-215 sshd[3985214]: Invalid user saka from 45.129.185.7 port 59564
Oct 12 03:07:12 ip-172-31-29-215 sshd[3985214]: Received disconnect from 45.129.185.7 port 59564:11: Bye Bye 8 bytes, 108.40Kbyte/sec
Sun Oct 12 02:51:04 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21152.png", 75878 bytes, 252.51Kbyte/sec
Sun Oct 12 02:51:04 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21153.png", 75878 bytes, 248.26Kbyte/sec
Sun Oct 12 02:51:05 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21156.png", 88905 bytes, 288.98Kbyte/sec
Sun Oct 12 02:51:05 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21157.png", 88905 bytes, 288.32Kbyte/sec
Sun Oct 12 02:51:06 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21159.png", 88905 bytes, 292.07Kbyte/sec
Sun Oct 12 02:51:07 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21160.png", 88905 bytes, 292.38Kbyte/sec
Sun Oct 12 02:51:07 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21161.png", 36286 bytes, 180.05Kbyte/sec
Sun Oct 12 02:51:08 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21162.png", 36286 bytes, 178.99Kbyte/sec
Sun Oct 12 02:51:08 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21163.png", 11587 bytes, 115.61Kbyte/sec
Sun Oct 12 02:51:08 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21164.png", 11587 bytes, 114.58Kbyte/sec
Sun Oct 12 02:51:09 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21166.png", 24323 bytes, 119.50Kbyte/sec
Sun Oct 12 02:51:09 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21169.png", 11587 bytes, 110.74Kbyte/sec
Sun Oct 12 02:51:10 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21170.png", 88905 bytes, 285.65Kbyte/sec
Sun Oct 12 02:51:10 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21171.png", 11587 bytes, 114.79Kbyte/sec
Sun Oct 12 02:51:11 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21172.png", 24323 bytes, 121.85Kbyte/sec
Sun Oct 12 02:51:11 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21214.png", 15268 bytes, 143.18Kbyte/sec
Sun Oct 12 02:51:12 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21215.png", 15268 bytes, 149.66Kbyte/sec
Sun Oct 12 02:51:12 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21216.png", 15268 bytes, 151.23Kbyte/sec
Sun Oct 12 02:51:12 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21217.png", 15268 bytes, 145.64Kbyte/sec
Sun Oct 12 02:51:13 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21218.png", 46331 bytes, 154.37Kbyte/sec
Sun Oct 12 02:51:14 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21220.png", 24052 bytes, 33.53Kbyte/sec
Sun Oct 12 02:51:14 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21221.png", 24052 bytes, 119.89Kbyte/sec
Sun Oct 12 02:51:15 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21224.png", 10620 bytes, 104.49Kbyte/sec
Sun Oct 12 02:51:15 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21225.png", 49336 bytes, 162.18Kbyte/sec
Sun Oct 12 02:51:16 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21226.png", 9743 bytes, 95.01Kbyte/sec
Sun Oct 12 02:51:16 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21227.png", 9743 bytes, 96.84Kbyte/sec
Sun Oct 12 02:51:17 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21231.png", 9743 bytes, 95.54Kbyte/sec
Sun Oct 12 02:51:17 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21232.png", 9743 bytes, 91.42Kbyte/sec
Sun Oct 12 02:51:17 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21262.png", 21043 bytes, 104.61Kbyte/sec
Sun Oct 12 02:51:18 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21263.png", 18895 bytes, 93.98Kbyte/sec
Sun Oct 12 02:51:18 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21264.png", 9047 bytes, 84.38Kbyte/sec
Sun Oct 12 02:51:19 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21265.png", 21043 bytes, 105.66Kbyte/sec
Sun Oct 12 02:51:19 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21266.png", 21043 bytes, 103.65Kbyte/sec
Sun Oct 12 02:51:20 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21267.png", 21043 bytes, 105.34Kbyte/sec
Sun Oct 12 02:51:20 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21268.png", 21043 bytes, 105.64Kbyte/sec
Sun Oct 12 02:51:21 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21272.png", 30497 bytes, 149.29Kbyte/sec
Sun Oct 12 02:51:21 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21273.png", 30497 bytes, 150.87Kbyte/sec
Sun Oct 12 02:51:22 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21274.png", 67796 bytes, 220.35Kbyte/sec
Sun Oct 12 02:51:23 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21275.png", 67796 bytes, 54.65Kbyte/sec
Sun Oct 12 02:51:24 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21276.png", 67796 bytes, 223.25Kbyte/sec
Sun Oct 12 02:51:25 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21277.png", 53978 bytes, 173.87Kbyte/sec
Sun Oct 12 02:51:25 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21278.png", 53978 bytes, 176.67Kbyte/sec
Sun Oct 12 02:51:26 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21279.png", 53978 bytes, 177.07Kbyte/sec
Sun Oct 12 02:51:26 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21280.png", 32951 bytes, 157.73Kbyte/sec
Sun Oct 12 02:51:27 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21281.png", 32951 bytes, 163.76Kbyte/sec
Sun Oct 12 02:51:27 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21282.png", 32951 bytes, 162.00Kbyte/sec
Sun Oct 12 02:51:28 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21283.png", 32951 bytes, 161.20Kbyte/sec
Sun Oct 12 02:51:28 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21284.png", 50518 bytes, 166.51Kbyte/sec
Sun Oct 12 02:51:29 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21285.png", 50518 bytes, 161.89Kbyte/sec
Sun Oct 12 02:51:30 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21286.png", 50518 bytes, 158.21Kbyte/sec
Sun Oct 12 02:51:30 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21287.png", 50518 bytes, 167.47Kbyte/sec
Sun Oct 12 02:51:31 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21288.png", 26974 bytes, 134.41Kbyte/sec
Sun Oct 12 02:51:31 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21289.png", 26974 bytes, 130.56Kbyte/sec
Sun Oct 12 02:51:32 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21290.png", 26974 bytes, 133.94Kbyte/sec
Sun Oct 12 02:51:32 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21291.png", 50255 bytes, 168.96Kbyte/sec
Sun Oct 12 02:51:33 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21292.png", 50255 bytes, 166.93Kbyte/sec
Sun Oct 12 02:51:33 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21293.png", 50255 bytes, 165.86Kbyte/sec
Sun Oct 12 02:51:34 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21373.png", 234371 bytes, 457.80Kbyte/sec
Sun Oct 12 02:51:35 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21374.png", 12390 bytes, 106.97Kbyte/sec
Sun Oct 12 02:51:35 2025 [pid 3985161] [ftp] OK DOWNLOAD: Client "45.67.231.116", "/MAR-21425.png", 23487 bytes, 115.61Kbyte/sec
Sun Oct 12 04:43:46 2025 [pid 3985715] CONNECT: Client "20.51.245.30"
Sun Oct 12 04:43:46 2025 [pid 3985717] CONNECT: Client "20.51.245.30"
Sun Oct 12 05:39:56 2025 [pid 3985944] CONNECT: Client "103.203.59.5"
Sun Oct 12 06:16:49 2025 [pid 3986087] CONNECT: Client "91.196.152.191"
Sun Oct 12 06:16:49 2025 [pid 3986090] CONNECT: Client "91.196.152.188"
Sun Oct 12 06:58:57 2025 [pid 3986452] CONNECT: Client "3.132.23.201"
Sun Oct 12 09:29-215 sessionclean[3985403]: PHP Warning:  Module 'sqlsrv' already loaded in Unknown on line 0
Oct 12 03:39:02 ip-172-31-29-215 systemd[1]: phpsessionclean.service: Succeeded.
Oct 12 03:39:02 ip-172-31-29-215 systemd[1]: Finished Clean php session files.
Oct 12 03:40:01 ip-172-31-29-215 CRON[3985447]: (smmsp) CMD (test -x /etc/init.d/sendmail && test -x /usr/share/sendmail/sendmail && test -x /usr/lib/sm.bin/sendmail && /usr/share/sendmail/sendmail cron-msp)
Oct 12 03:46:58 ip-172-31-29-215 amazon-ssm-agent.amazon-ssm-agent[3122439]: 2025-10-12 03:46:58.3436 WARN EC2RoleProvider Failed to connect to Systems Manager with instance profile role credentials. Err: retrieved credentials failed to report to ssm. Error: EC2RoleRequestError: no EC2 instance role found
Oct 12 03:46:58 ip-172-31-29-215 amazon-ssm-agent.amazon-ssm-agent[3122439]: 2025-10-12 03:46:58.3823 ERROR EC2RoleProvider Failed to connect to Systems Manager with SSM role credentials. error calling RequestManagedInstanceRoleToken: AccessDeniedException: Systems Manager's instance management role is not configured for account: 227937466084
Oct 12 03:46:58 ip-172-31-29-215 amazon-ssm-agent.amazon-ssm-agent[3122439]: #011status code: 400, request id: b460b99c-966b-4005-a69f-1b8d3ab43b00
Oct 12 04:00:01 ip-172-31-29-215 CRON[3985488]: (smmsp) CMD (test -x /etc/init.d/sendmail && test -x /usr/share/sendmail/sendmail && test -x /usr/lib/sm.bin/sendmail && /usr/share/sendmail/sendmail cron-msp)
Oct 12 04:05:19 ip-172-31-29-215 systemd[1]: Starting Certbot...
Oct 12 04:05:20 ip-172-31-29-215 systemd[1]: certbot.service: Succeeded.
Oct 12 04:05:20 ip-172-31-29-215 systemd[1]: Finished Certbot.
Oct 12 04:09:01 ip-172-31-29-215 CRON[3985522]: (root) CMD (  [ -x /usr/lib/php/sessionclean ] && if [ ! -d /run/systemd/system ]; then /usr/lib/php/sessionclean; fi)
Oct 12 04:09:02 ip-172-31-29-215 systemd[1]: Starting Clean php session files...
Oct 12 04:09:02 ip-172-31-29-215 sessionclean[3985535]: Cannot load Xdebug - it was already loaded
Oct 12 04:09:02 ip-172-31-29-215 sessionclean[3985535]: PHP Warning:  PHP Startup: Unable to load dynamic library 'pdo_sqlsrv.so' (tried: /usr/lib/php/20190902/pdo_sqlsrv.so (/usr/lib/php/20190902/pdo_sqlsrv.so: undefined symbol: php_pdo_unregister_driver), /usr/lib/php/20190902/pdo_sqlsrv.so.so (/usr/lib/php/20190902/pdo_sqlsrv.so.so: cannot open shared object file: No such file or directory)) in Unknown on line 0
Oct 12 04:09:02 ip-172-31-29-215 sessionclean[3985535]: PHP Warning:  Module 'gettext' already loaded in Unknown on line 0
Oct 12 04:09:02 ip-172-31-29-215 sessionclean[3985535]: PHP Warning:  Module 'mbstring' already loaded in Unknown on line 0
Oct 12 04:09:02 ip-172-31-29-215 sessionclean[3985535]: PHP Warning:  Module 'sqlsrv' already loaded in Unknown on line 0
Oct 12 04:09:02 ip-172-31-29-215 systemd[1]: phpsessionclean.service: Succeeded.
Oct 12 04:09:02 ip-172-31-29-215 systemd[1]: Finished Clean php session files.
Oct 12 04:13:14 ip-172-31-29-215 amazon-ssm-agent.amazon-ssm-agent[3122439]: 2025-10-12 04:13:14.3844 WARN EC2RoleProvider Failed to connect to Systems Manager with instance profile role credentials. Err: retrieved credentials failed to report to ssm. Error: EC2RoleRequestError: no EC2 instance role found
Oct 12 04:13:14 ip-172-31-29-215 amazon-ssm-agent.amazon-ssm-agent[3122439]: 2025-10-12 04:13:14.4245 ERROR EC2RoleProvider Failed to connect to Systems Manager with SSM role credentials. error calling RequestManagedInstanceRoleToken: AccessDeniedException: Systems Manager's instance management role is not configured for account: 227937466084
Oct 12 04:13:14 ip-172-31-29-215 amazon-ssm-agent.amazon-ssm-agent[3122439]: #011status code: 400, request id: 193aba67-ba4b-4eba-9038-571a9d237d08
Oct 12 04:17:01 ip-172-31-29-215 CRON[3985580]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
Oct 12 04:18:19 ip-172-31-29-215 systemd[1]: Starting Ubuntu Advantage Timer for running repeated jobs...
Oct 12 04:18:20 ip-172-31-29-215 systemd[1]: ua-timer.service: Succeeded.
Oct 12 04:18:20 ip-172-31-29-215 systemd[7 port 43846 [preauth]
Oct 12 03:48:35 ip-172-31-29-215 sshd[3985475]: Invalid user sonaruser from 103.171.85.117 port 34868
Oct 12 03:48:35 ip-172-31-29-215 sshd[3985475]: Received disconnect from 103.171.85.117 port 34868:11: Bye Bye [preauth]
Oct 12 03:48:35 ip-172-31-29-215 sshd[3985475]: Disconnected from invalid user sonaruser 103.171.85.117 port 34868 [preauth]
Oct 12 03:50:55 ip-172-31-29-215 sshd[3985478]: Invalid user demo from 103.171.85.117 port 60232
Oct 12 03:50:56 ip-172-31-29-215 sshd[3985478]: Received disconnect from 103.171.85.117 port 60232:11: Bye Bye [preauth]
Oct 12 03:50:56 ip-172-31-29-215 sshd[3985478]: Disconnected from invalid user demo 103.171.85.117 port 60232 [preauth]
Oct 12 03:57:28 ip-172-31-29-215 sshd[3985482]: Invalid user testuser from 116.193.190.134 port 40776
Oct 12 03:57:28 ip-172-31-29-215 sshd[3985482]: Received disconnect from 116.193.190.134 port 40776:11: Bye Bye [preauth]
Oct 12 03:57:28 ip-172-31-29-215 sshd[3985482]: Disconnected from invalid user testuser 116.193.190.134 port 40776 [preauth]
Oct 12 04:00:01 ip-172-31-29-215 CRON[3985487]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Oct 12 04:00:01 ip-172-31-29-215 CRON[3985487]: pam_unix(cron:session): session closed for user smmsp
Oct 12 04:09:01 ip-172-31-29-215 CRON[3985521]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 12 04:09:01 ip-172-31-29-215 CRON[3985521]: pam_unix(cron:session): session closed for user root
Oct 12 04:17:01 ip-172-31-29-215 CRON[3985579]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 12 04:17:01 ip-172-31-29-215 CRON[3985579]: pam_unix(cron:session): session closed for user root
Oct 12 04:20:01 ip-172-31-29-215 CRON[3985598]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Oct 12 04:20:01 ip-172-31-29-215 CRON[3985598]: pam_unix(cron:session): session closed for user smmsp
Oct 12 04:22:30 ip-172-31-29-215 sshd[3985621]: error: kex_exchange_identification: banner line contains invalid characters
Oct 12 04:22:31 ip-172-31-29-215 sshd[3985622]: error: kex_exchange_identification: banner line contains invalid characters
Oct 12 04:22:31 ip-172-31-29-215 sshd[3985624]: error: kex_exchange_identification: client sent invalid protocol identifier "GET / HTTP/1.1"
Oct 12 04:22:32 ip-172-31-29-215 sshd[3985625]: error: kex_exchange_identification: client sent invalid protocol identifier "USER anonymous"
Oct 12 04:22:34 ip-172-31-29-215 sshd[3985620]: Connection reset by 198.235.24.37 port 63164 [preauth]
Oct 12 04:34:40 ip-172-31-29-215 sshd[3985631]: error: kex_exchange_identification: client sent invalid protocol identifier "GET / HTTP/1.1"
Oct 12 04:39:01 ip-172-31-29-215 CRON[3985634]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 12 04:39:01 ip-172-31-29-215 CRON[3985634]: pam_unix(cron:session): session closed for user root
Oct 12 04:40:01 ip-172-31-29-215 CRON[3985692]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Oct 12 04:40:01 ip-172-31-29-215 CRON[3985692]: pam_unix(cron:session): session closed for user smmsp
Oct 12 04:49:18 ip-172-31-29-215 sshd[3985723]: error: kex_exchange_identification: Connection closed by remote host
Oct 12 05:00:01 ip-172-31-29-215 CRON[3985729]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Oct 12 05:00:01 ip-172-31-29-215 CRON[3985729]: pam_unix(cron:session): session closed for user smmsp
Oct 12 05:09:01 ip-172-31-29-215 CRON[3985755]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 12 05:09:01 ip-172-31-29-215 CRON[3985755]: pam_unix(cron:session): session closed for user root
Oct 12 05:17:01 ip-172-31-29-215 CRON[3985813]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 12 05:17:01 ip-172-31-29-215 CRON[3985813]: pam_unix(cron:session): session closed for user root
Oct 12 05:20:01 ip-172-31-29-215 CRON[3985818]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Oct 12 05:20:01 ip-172-31-29-215 CRON[3985818]: pam_unix(cron:session): session closed for user smmsp
Oct 12 0] "GET /laravel/.env HTTP/1.1" 404 4229 "-" "python-requests/2.32.5"
82.165.122.51 - - [12/Oct/2025:03:53:05 -0600] "GET /admin/.env HTTP/1.1" 404 4229 "-" "python-requests/2.32.5"
82.165.122.51 - - [12/Oct/2025:03:53:05 -0600] "GET /site/.env HTTP/1.1" 404 4229 "-" "python-requests/2.32.5"
185.244.104.2 - - [12/Oct/2025:04:17:07 -0600] "PROPFIND / HTTP/1.1" 405 4213 "http://3.22.251.217:443/" "-"
136.143.177.62 - - [12/Oct/2025:04:25:37 -0600] "GET /PCI-test/trademarks.csv HTTP/1.1" 200 36737931 "-" "Zoho_Analytics"
223.181.104.174 - - [12/Oct/2025:04:26:34 -0600] "POST /xmlrpc.php HTTP/1.1" 404 3768 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; x86) AppleWebKit/537.36 (KHTML, like Gecko) Edge/90.0.0.0 Safari/537.36"
43.130.228.73 - - [12/Oct/2025:04:27:44 -0600] "GET / HTTP/1.1" 200 3440 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1"
136.143.176.60 - - [12/Oct/2025:04:32:31 -0600] "GET /PCI-test/trademarks.csv HTTP/1.1" 200 36737931 "-" "Zoho_Analytics"
182.8.227.76 - - [12/Oct/2025:04:33:01 -0600] "GET /.vscode/sftp.json HTTP/1.1" 200 558 "-" "python-requests/2.31.0"
182.8.227.76 - - [12/Oct/2025:04:33:06 -0600] "GET /0x00000.php HTTP/1.1" 404 498 "-" "python-requests/2.31.0"
182.8.227.76 - - [12/Oct/2025:04:33:07 -0600] "GET /conv.php HTTP/1.1" 404 498 "-" "python-requests/2.31.0"
91.224.92.17 - - [12/Oct/2025:04:33:40 -0600] "GET / HTTP/1.1" 200 11173 "-" "-"
43.153.73.200 - - [12/Oct/2025:04:39:58 -0600] "GET / HTTP/1.1" 200 3440 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1"
198.23.128.221 - - [12/Oct/2025:04:44:20 -0600] "GET /.env HTTP/1.1" 404 4229 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36"
198.23.128.221 - - [12/Oct/2025:04:44:21 -0600] "POST / HTTP/1.1" 200 7258 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36"
87.121.84.17 - - [12/Oct/2025:04:46:27 -0600] "GET / HTTP/1.1" 200 3477 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36"
191.242.209.98 - - [12/Oct/2025:04:53:57 -0600] "GET /admin/config.php HTTP/1.0" 404 456 "-" "ivre-masscan/1.3 https://github.com/robertdavidgraham/"
185.244.104.2 - - [12/Oct/2025:04:58:44 -0600] "PROPFIND / HTTP/1.1" 405 4213 "http://3.22.251.217:443/" "-"
43.142.87.72 - - [12/Oct/2025:05:01:28 -0600] "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1" 400 4177 "-" "libredtail-http"
182.8.227.76 - - [12/Oct/2025:05:02:43 -0600] "GET /.vscode/sftp.json HTTP/1.1" 200 558 "-" "python-requests/2.31.0"
182.8.227.76 - - [12/Oct/2025:05:02:50 -0600] "GET /0x00000.php HTTP/1.1" 404 493 "-" "python-requests/2.31.0"
182.8.227.76 - - [12/Oct/2025:05:02:51 -0600] "GET /conv.php HTTP/1.1" 404 493 "-" "python-requests/2.31.0"
191.242.209.98 - - [12/Oct/2025:05:11:23 -0600] "GET /robots.txt HTTP/1.1" 404 435 "-" "curl/7.88.1"
191.242.209.98 - - [12/Oct/2025:05:11:24 -0600] "\x16\x03\x01\x02" 400 488 "-" "-"
198.235.24.59 - - [12/Oct/2025:05:12:06 -0600] "GET / HTTP/1.1" 200 14921 "-" "-"
185.242.226.110 - - [12/Oct/2025:05:15:33 -0600] "GET / HTTP/1.1" 200 3421 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36"
124.156.187.113 - - [12/Oct/2025:05:16:33 -0600] "HEAD /Core/Skin/Login.aspx HTTP/1.1" 404 140 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
74.176.69.58 - - [12/Oct/2025:05:17:41 -0600] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 437 "-" "-"
74.176.69.58 - - [12/Oct/2025:05:17:41 -0600] "GET /error.php HTTP/1.1" 404 437 "-" "-"
74.176.69.58 - - [12/Oct/2025:05:17:41 -0600] "GET /kao.php HTTP/1.1" 404 437 "-" "-"
74.176.69.58 - - [12/Oct/2025:05:17:42 -0600] "GET /gggssdd.php HTTP/1.1" 404 437
 * Introducing Expanded Security Maintenance for Applications.
   Receive updates to over 25,000 software packages with your
   Ubuntu Pro subscription. Free for personal use.

     https://ubuntu.com/aws/pro