May 24 10:22:42 NPSTNNYC01T sshd[28049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.98.234.214
May 24 10:22:44 NPSTNNYC01T sshd[28049]: Failed password for invalid user akp from 114.98.234.214 port 59122 ssh2
May 24 10:28:22 NPSTNNYC01T sshd[28474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.98.234.214
...

May 15 23:02:30 abendstille sshd\[5325\]: Invalid user minecraft from 114.98.234.214
May 15 23:02:30 abendstille sshd\[5325\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.98.234.214
May 15 23:02:32 abendstille sshd\[5325\]: Failed password for invalid user minecraft from 114.98.234.214 port 42958 ssh2
May 15 23:06:24 abendstille sshd\[9072\]: Invalid user rancher from 114.98.234.214
May 15 23:06:24 abendstille sshd\[9072\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.98.234.214
...

2020-05-10T14:34:56.202271linuxbox-skyline sshd[71607]: Invalid user yamada from 114.98.234.214 port 58442
...

May  2 14:09:52 vpn01 sshd[1143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.98.234.214
May  2 14:09:54 vpn01 sshd[1143]: Failed password for invalid user testftp from 114.98.234.214 port 48226 ssh2
...

Invalid user zym from 114.98.234.214 port 43132

$f2bV_matches

Apr 15 15:52:10 vserver sshd\[18311\]: Invalid user tim from 114.98.234.214Apr 15 15:52:11 vserver sshd\[18311\]: Failed password for invalid user tim from 114.98.234.214 port 37406 ssh2Apr 15 15:56:00 vserver sshd\[18348\]: Invalid user dev from 114.98.234.214Apr 15 15:56:01 vserver sshd\[18348\]: Failed password for invalid user dev from 114.98.234.214 port 51746 ssh2
...

Invalid user plex from 114.98.234.247 port 38088

Jun 22 06:52:09 mout sshd[19674]: Disconnected from authenticating user root 114.98.234.247 port 56128 [preauth]
Jun 22 07:58:49 mout sshd[24971]: Invalid user owen from 114.98.234.247 port 58918
Jun 22 07:58:49 mout sshd[24971]: Invalid user owen from 114.98.234.247 port 58918

2020-06-19T12:04:51.216044randservbullet-proofcloud-66.localdomain sshd[3337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.98.234.247  user=root
2020-06-19T12:04:53.998286randservbullet-proofcloud-66.localdomain sshd[3337]: Failed password for root from 114.98.234.247 port 54150 ssh2
2020-06-19T12:15:54.501841randservbullet-proofcloud-66.localdomain sshd[3354]: Invalid user oracle from 114.98.234.247 port 43018
...

Jun 13 23:00:25 v22019038103785759 sshd\[16814\]: Invalid user sreckels from 114.98.234.247 port 40746
Jun 13 23:00:25 v22019038103785759 sshd\[16814\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.98.234.247
Jun 13 23:00:27 v22019038103785759 sshd\[16814\]: Failed password for invalid user sreckels from 114.98.234.247 port 40746 ssh2
Jun 13 23:05:47 v22019038103785759 sshd\[17105\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.98.234.247  user=root
Jun 13 23:05:48 v22019038103785759 sshd\[17105\]: Failed password for root from 114.98.234.247 port 36772 ssh2
...

2020-06-01T13:19:48.485627shield sshd\[10670\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.98.234.247  user=root
2020-06-01T13:19:51.086645shield sshd\[10670\]: Failed password for root from 114.98.234.247 port 34160 ssh2
2020-06-01T13:21:53.434533shield sshd\[11296\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.98.234.247  user=root
2020-06-01T13:21:54.865821shield sshd\[11296\]: Failed password for root from 114.98.234.247 port 57122 ssh2
2020-06-01T13:23:57.015408shield sshd\[11803\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.98.234.247  user=root

Invalid user postgres from 114.98.234.247 port 43754

May 11 23:13:24 server1 sshd\[15498\]: Invalid user sinusbot3 from 114.98.234.247
May 11 23:13:24 server1 sshd\[15498\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.98.234.247 
May 11 23:13:26 server1 sshd\[15498\]: Failed password for invalid user sinusbot3 from 114.98.234.247 port 43290 ssh2
May 11 23:15:43 server1 sshd\[16212\]: Invalid user shen from 114.98.234.247
May 11 23:15:43 server1 sshd\[16212\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.98.234.247 
...

Apr 29 14:03:41 DAAP sshd[25627]: Invalid user www from 114.98.234.247 port 35628
Apr 29 14:03:41 DAAP sshd[25627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.98.234.247
Apr 29 14:03:41 DAAP sshd[25627]: Invalid user www from 114.98.234.247 port 35628
Apr 29 14:03:43 DAAP sshd[25627]: Failed password for invalid user www from 114.98.234.247 port 35628 ssh2
...

SSH authentication failure x 6 reported by Fail2Ban
...

Apr 25 18:46:39 sip sshd[11422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.98.234.247
Apr 25 18:46:41 sip sshd[11422]: Failed password for invalid user wpyan from 114.98.234.247 port 46156 ssh2
Apr 25 19:03:47 sip sshd[17648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.98.234.247

Apr 19 18:08:24 vlre-nyc-1 sshd\[30238\]: Invalid user mu from 114.98.234.247
Apr 19 18:08:24 vlre-nyc-1 sshd\[30238\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.98.234.247
Apr 19 18:08:26 vlre-nyc-1 sshd\[30238\]: Failed password for invalid user mu from 114.98.234.247 port 40670 ssh2
Apr 19 18:12:20 vlre-nyc-1 sshd\[30298\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.98.234.247  user=root
Apr 19 18:12:21 vlre-nyc-1 sshd\[30298\]: Failed password for root from 114.98.234.247 port 35682 ssh2
...

122.228.19.80 was recorded 5 times by 4 hosts attempting to connect to the following ports: 8161,113,523,4786,500. Incident counter (4h, 24h, all-time): 5, 58, 28786

Mar 26 13:37:27 srv-ubuntu-dev3 sshd[71070]: Invalid user deploy4 from 51.83.75.97
Mar 26 13:37:27 srv-ubuntu-dev3 sshd[71070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.75.97
Mar 26 13:37:27 srv-ubuntu-dev3 sshd[71070]: Invalid user deploy4 from 51.83.75.97
Mar 26 13:37:28 srv-ubuntu-dev3 sshd[71070]: Failed password for invalid user deploy4 from 51.83.75.97 port 50228 ssh2
Mar 26 13:41:06 srv-ubuntu-dev3 sshd[71683]: Invalid user student from 51.83.75.97
Mar 26 13:41:07 srv-ubuntu-dev3 sshd[71683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.75.97
Mar 26 13:41:06 srv-ubuntu-dev3 sshd[71683]: Invalid user student from 51.83.75.97
Mar 26 13:41:08 srv-ubuntu-dev3 sshd[71683]: Failed password for invalid user student from 51.83.75.97 port 35060 ssh2
Mar 26 13:44:58 srv-ubuntu-dev3 sshd[72325]: Invalid user mv from 51.83.75.97
...

Mar 26 13:25:36 wordpress wordpress(blog.ruhnke.cloud)[33415]: XML-RPC authentication attempt for unknown user [login] from 2001:41d0:8:6a50::

Mar 26 13:19:30 ns382633 sshd\[12052\]: Invalid user ly from 103.43.186.34 port 2172
Mar 26 13:19:30 ns382633 sshd\[12052\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.43.186.34
Mar 26 13:19:32 ns382633 sshd\[12052\]: Failed password for invalid user ly from 103.43.186.34 port 2172 ssh2
Mar 26 13:26:13 ns382633 sshd\[13603\]: Invalid user octavia from 103.43.186.34 port 2174
Mar 26 13:26:13 ns382633 sshd\[13603\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.43.186.34

2020-03-26 13:41:45 dovecot_plain authenticator failed for \(swim.diverseenvironment.com.\) \[185.211.245.198\]: 535 Incorrect authentication data \(set_id=admin@no-server.de\)
2020-03-26 13:41:45 dovecot_plain authenticator failed for \(swim.diverseenvironment.com.\) \[185.211.245.198\]: 535 Incorrect authentication data \(set_id=admin@no-server.de\)
2020-03-26 13:41:51 dovecot_plain authenticator failed for \(swim.diverseenvironment.com.\) \[185.211.245.198\]: 535 Incorrect authentication data \(set_id=admin\)
2020-03-26 13:41:52 dovecot_plain authenticator failed for \(swim.diverseenvironment.com.\) \[185.211.245.198\]: 535 Incorrect authentication data \(set_id=admin\)
2020-03-26 13:47:42 dovecot_plain authenticator failed for \(swim.diverseenvironment.com.\) \[185.211.245.198\]: 535 Incorrect authentication data \(set_id=admin@no-server.de\)
2020-03-26 13:47:42 dovecot_plain authenticator failed for \(swim.diverseenvironment.com.\) \[185.211.245.198\]: 535 Incorrect authentication
...

Automatic report - Port Scan Attack

103.83.36.101 - - \[26/Mar/2020:13:26:03 +0100\] "POST /wp-login.php HTTP/1.0" 200 5728 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
103.83.36.101 - - \[26/Mar/2020:13:26:05 +0100\] "POST /wp-login.php HTTP/1.0" 200 5728 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
103.83.36.101 - - \[26/Mar/2020:13:26:05 +0100\] "POST /xmlrpc.php HTTP/1.0" 200 802 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"

Mar 26 13:33:40 vps sshd[214544]: Failed password for invalid user shachunyang from 167.114.131.19 port 38527 ssh2
Mar 26 13:37:36 vps sshd[236380]: Invalid user openvpn from 167.114.131.19 port 52160
Mar 26 13:37:36 vps sshd[236380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.114.131.19
Mar 26 13:37:38 vps sshd[236380]: Failed password for invalid user openvpn from 167.114.131.19 port 52160 ssh2
Mar 26 13:41:21 vps sshd[258228]: Invalid user wanetta from 167.114.131.19 port 9292
...

Unauthorized connection attempt detected from IP address 222.186.30.35 to port 22

Mar 26 14:09:17 legacy sshd[9443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.136.76.230
Mar 26 14:09:20 legacy sshd[9443]: Failed password for invalid user sftp from 152.136.76.230 port 33490 ssh2
Mar 26 14:13:24 legacy sshd[9542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.136.76.230
...

93.114.86.226 - - [26/Mar/2020:13:25:54 +0100] "GET /wp-login.php HTTP/1.1" 200 6136 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
93.114.86.226 - - [26/Mar/2020:13:25:56 +0100] "POST /wp-login.php HTTP/1.1" 200 7014 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
93.114.86.226 - - [26/Mar/2020:13:25:58 +0100] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"

[2020-03-26 08:17:17] NOTICE[1148][C-00017160] chan_sip.c: Call from '' (45.143.221.59:57629) to extension '9442080892691' rejected because extension not found in context 'public'.
[2020-03-26 08:17:17] SECURITY[1163] res_security_log.c: SecurityEvent="FailedACL",EventTV="2020-03-26T08:17:17.108-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="9442080892691",SessionID="0x7fd82c530768",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/45.143.221.59/57629",ACLName="no_extension_match"
[2020-03-26 08:26:19] NOTICE[1148][C-00017164] chan_sip.c: Call from '' (45.143.221.59:55270) to extension '011442080892691' rejected because extension not found in context 'public'.
[2020-03-26 08:26:19] SECURITY[1163] res_security_log.c: SecurityEvent="FailedACL",EventTV="2020-03-26T08:26:19.388-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="011442080892691",SessionID="0x7fd82cdb8718",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/45.1
...

2020-03-26T06:26:12.071936linuxbox-skyline sshd[41145]: Invalid user krishnaji from 182.184.44.6 port 57482
...

Mar 26 09:25:38 firewall sshd[27620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.211.104.34
Mar 26 09:25:38 firewall sshd[27620]: Invalid user sdco from 129.211.104.34
Mar 26 09:25:40 firewall sshd[27620]: Failed password for invalid user sdco from 129.211.104.34 port 52836 ssh2
...

Invalid user xiaomai from 178.128.34.14 port 53893