Lines containing failures of 195.231.11.11
Oct  6 09:53:53 MAKserver06 sshd[1701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.231.11.11  user=r.r
Oct  6 09:53:55 MAKserver06 sshd[1701]: Failed password for r.r from 195.231.11.11 port 42442 ssh2
Oct  6 09:53:55 MAKserver06 sshd[1701]: Received disconnect from 195.231.11.11 port 42442:11: Bye Bye [preauth]
Oct  6 09:53:55 MAKserver06 sshd[1701]: Disconnected from authenticating user r.r 195.231.11.11 port 42442 [preauth]
Oct  6 10:09:07 MAKserver06 sshd[4344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.231.11.11  user=r.r
Oct  6 10:09:09 MAKserver06 sshd[4344]: Failed password for r.r from 195.231.11.11 port 55890 ssh2
Oct  6 10:09:09 MAKserver06 sshd[4344]: Received disconnect from 195.231.11.11 port 55890:11: Bye Bye [preauth]
Oct  6 10:09:09 MAKserver06 sshd[4344]: Disconnected from authenticating user r.r 195.231.11.11 por........
------------------------------

Lines containing failures of 195.231.11.11
Oct  6 09:53:53 MAKserver06 sshd[1701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.231.11.11  user=r.r
Oct  6 09:53:55 MAKserver06 sshd[1701]: Failed password for r.r from 195.231.11.11 port 42442 ssh2
Oct  6 09:53:55 MAKserver06 sshd[1701]: Received disconnect from 195.231.11.11 port 42442:11: Bye Bye [preauth]
Oct  6 09:53:55 MAKserver06 sshd[1701]: Disconnected from authenticating user r.r 195.231.11.11 port 42442 [preauth]
Oct  6 10:09:07 MAKserver06 sshd[4344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.231.11.11  user=r.r
Oct  6 10:09:09 MAKserver06 sshd[4344]: Failed password for r.r from 195.231.11.11 port 55890 ssh2
Oct  6 10:09:09 MAKserver06 sshd[4344]: Received disconnect from 195.231.11.11 port 55890:11: Bye Bye [preauth]
Oct  6 10:09:09 MAKserver06 sshd[4344]: Disconnected from authenticating user r.r 195.231.11.11 por........
------------------------------

Port scan on 5 port(s): 5061 5062 5063 5064 5065

2020-05-11T15:23:23.300349  sshd[11247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.231.11.101  user=root
2020-05-11T15:23:24.899364  sshd[11247]: Failed password for root from 195.231.11.101 port 54764 ssh2
2020-05-11T15:23:42.106826  sshd[11259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.231.11.101  user=root
2020-05-11T15:23:43.980902  sshd[11259]: Failed password for root from 195.231.11.101 port 40778 ssh2
...

ET SCAN Sipvicious Scan - port: 5060 proto: UDP cat: Attempted Information Leak

May 10 23:25:05 baguette sshd\[17191\]: Invalid user user from 195.231.11.101 port 54928
May 10 23:25:05 baguette sshd\[17191\]: Invalid user user from 195.231.11.101 port 54928
May 10 23:25:18 baguette sshd\[17193\]: Invalid user user from 195.231.11.101 port 51786
May 10 23:25:18 baguette sshd\[17193\]: Invalid user user from 195.231.11.101 port 51786
May 10 23:25:22 baguette sshd\[17195\]: Invalid user admin from 195.231.11.101 port 48526
May 10 23:25:22 baguette sshd\[17195\]: Invalid user admin from 195.231.11.101 port 48526
...

(sshd) Failed SSH login from 195.231.11.101 (IT/Italy/host101-11-231-195.serverdedicati.aruba.it): 5 in the last 3600 secs

22/tcp
[2020-05-10]1pkt

May  9 03:38:08 debian-2gb-nbg1-2 kernel: \[11247167.046000\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=195.231.11.144 DST=195.201.40.59 LEN=40 TOS=0x08 PREC=0x20 TTL=241 ID=54321 PROTO=TCP SPT=35946 DPT=81 WINDOW=65535 RES=0x00 SYN URGP=0

2020-05-08 21:58:31.791978-0500  localhost sshd[88335]: Failed password for invalid user admin from 195.231.11.201 port 34784 ssh2

May  8 23:14:55 dcd-gentoo sshd[29347]: User root from 195.231.11.201 not allowed because none of user's groups are listed in AllowGroups
May  8 23:15:12 dcd-gentoo sshd[29364]: User root from 195.231.11.201 not allowed because none of user's groups are listed in AllowGroups
May  8 23:15:30 dcd-gentoo sshd[29384]: User root from 195.231.11.201 not allowed because none of user's groups are listed in AllowGroups
...

Lines containing failures of 195.231.11.144
May  8 09:47:59 kmh-vmh-001-fsn07 sshd[22724]: Did not receive identification string from 195.231.11.144 port 52536
May  8 09:48:42 kmh-vmh-001-fsn07 sshd[22881]: Invalid user 94.237.12.70 from 195.231.11.144 port 55874
May  8 09:48:42 kmh-vmh-001-fsn07 sshd[22881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.231.11.144 
May  8 09:48:44 kmh-vmh-001-fsn07 sshd[22881]: Failed password for invalid user 94.237.12.70 from 195.231.11.144 port 55874 ssh2
May  8 09:48:44 kmh-vmh-001-fsn07 sshd[22881]: Received disconnect from 195.231.11.144 port 55874:11: Normal Shutdown, Thank you for playing [preauth]
May  8 09:48:44 kmh-vmh-001-fsn07 sshd[22881]: Disconnected from invalid user 94.237.12.70 195.231.11.144 port 55874 [preauth]
May  8 09:49:16 kmh-vmh-001-fsn07 sshd[23092]: Invalid user 167.172.177.102 from 195.231.11.144 port 49924
May  8 09:49:16 kmh-vmh-001-fsn07 sshd[23092]: pam_unix(........
------------------------------

May  8 09:16:31 ift sshd\[30514\]: Failed password for root from 195.231.11.201 port 34912 ssh2May  8 09:16:49 ift sshd\[30523\]: Failed password for root from 195.231.11.201 port 54590 ssh2May  8 09:17:06 ift sshd\[30528\]: Failed password for root from 195.231.11.201 port 46014 ssh2May  8 09:17:24 ift sshd\[30547\]: Failed password for root from 195.231.11.201 port 37478 ssh2May  8 09:17:41 ift sshd\[30556\]: Failed password for root from 195.231.11.201 port 57168 ssh2
...

May  7 19:22:42 server sshd[20930]: Failed password for root from 195.231.11.201 port 37734 ssh2
May  7 19:23:01 server sshd[21041]: Failed password for root from 195.231.11.201 port 36078 ssh2
May  7 19:23:19 server sshd[21162]: Failed password for root from 195.231.11.201 port 34124 ssh2

May  7 11:41:05 ntop sshd[20336]: Did not receive identification string from 195.231.11.201 port 58876
May  7 11:41:06 ntop sshd[20346]: Did not receive identification string from 195.231.11.201 port 33372
May  7 11:41:08 ntop sshd[20373]: Did not receive identification string from 195.231.11.201 port 34004
May  7 11:41:49 ntop sshd[20736]: User r.r from 195.231.11.201 not allowed because not listed in AllowUsers
May  7 11:41:49 ntop sshd[20736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.231.11.201  user=r.r
May  7 11:41:51 ntop sshd[20736]: Failed password for invalid user r.r from 195.231.11.201 port 51160 ssh2
May  7 11:41:52 ntop sshd[20736]: Received disconnect from 195.231.11.201 port 51160:11: Normal Shutdown, Thank you for playing [preauth]
May  7 11:41:52 ntop sshd[20736]: Disconnected from invalid user r.r 195.231.11.201 port 51160 [preauth]
May  7 11:44:32 ntop sshd[22387]: User r.r from 195.231.11.201 not all........
-------------------------------

28.04.2020 23:36:16 Connection to port 81 blocked by firewall

Apr 26 17:45:12 debian-2gb-nbg1-2 kernel: \[10174847.568512\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=195.231.11.179 DST=195.201.40.59 LEN=40 TOS=0x08 PREC=0x20 TTL=241 ID=54321 PROTO=TCP SPT=43449 DPT=81 WINDOW=65535 RES=0x00 SYN URGP=0

Aug 21 22:25:37 mail sshd\[1876\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.58.142
Aug 21 22:25:39 mail sshd\[1876\]: Failed password for invalid user mathew from 37.59.58.142 port 55510 ssh2
Aug 21 22:30:29 mail sshd\[2389\]: Invalid user nagiosadmin from 37.59.58.142 port 46560
Aug 21 22:30:29 mail sshd\[2389\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.58.142
Aug 21 22:30:31 mail sshd\[2389\]: Failed password for invalid user nagiosadmin from 37.59.58.142 port 46560 ssh2

Aug 23 00:15:43 nextcloud sshd\[11256\]: Invalid user charles from 138.197.147.233
Aug 23 00:15:43 nextcloud sshd\[11256\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.147.233
Aug 23 00:15:45 nextcloud sshd\[11256\]: Failed password for invalid user charles from 138.197.147.233 port 52980 ssh2
...

Unauthorized connection attempt from IP address 14.207.203.4 on Port 445(SMB)

68.183.11.83    Trojan port 80   reported blocked by Malwarebytes
going on every few minutes for a couple of days now

Aug 22 23:49:39 ubuntu-2gb-nbg1-dc3-1 sshd[27267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.37.230.141
Aug 22 23:49:41 ubuntu-2gb-nbg1-dc3-1 sshd[27267]: Failed password for invalid user zzz from 54.37.230.141 port 38408 ssh2
...

Invalid user reward from 138.197.162.32 port 40812

Unauthorized connection attempt from IP address 187.174.169.103 on Port 445(SMB)

\[2019-08-22 23:34:30\] NOTICE\[2943\] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '\' failed for '5.62.41.134:2371' \(callid: 85076378-615406404-1587909906\) - Failed to authenticate
\[2019-08-22 23:34:30\] SECURITY\[1715\] res_security_log.c: SecurityEvent="ChallengeResponseFailed",EventTV="2019-08-22T23:34:30.521+0200",Severity="Error",Service="PJSIP",EventVersion="1",AccountID="\",SessionID="85076378-615406404-1587909906",LocalAddress="IPV4/UDP/188.40.118.248/5060",RemoteAddress="IPV4/UDP/5.62.41.134/2371",Challenge="1566509670/f2722cca449c16f54c59162ba16af33c",Response="31427d1ea3ef5e572f844baf86de758b",ExpectedResponse=""
\[2019-08-22 23:34:30\] NOTICE\[9368\] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '\' failed for '5.62.41.134:2371' \(callid: 85076378-615406404-1587909906\) - Failed to authenticate
\[2019-08-22 23:34:30\] SECURITY\[1715\] res_security_log.c: SecurityEvent="ChallengeResponseFailed",EventT

Aug 22 21:32:34 vps647732 sshd[26788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.170.249.6
Aug 22 21:32:36 vps647732 sshd[26788]: Failed password for invalid user oi from 107.170.249.6 port 46213 ssh2
...

Aug 22 21:32:53 raspberrypi sshd\[29450\]: Did not receive identification string from 179.96.199.94
...

Aug 23 00:25:36 ArkNodeAT sshd\[16621\]: Invalid user east from 43.242.122.177
Aug 23 00:25:36 ArkNodeAT sshd\[16621\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.242.122.177
Aug 23 00:25:38 ArkNodeAT sshd\[16621\]: Failed password for invalid user east from 43.242.122.177 port 51016 ssh2

Aug 23 00:02:16 mail sshd\[4870\]: Failed password for root from 218.92.0.204 port 36109 ssh2
Aug 23 00:03:06 mail sshd\[1734\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
Aug 23 00:03:08 mail sshd\[1734\]: Failed password for root from 218.92.0.204 port 10500 ssh2
Aug 23 00:03:10 mail sshd\[1734\]: Failed password for root from 218.92.0.204 port 10500 ssh2
Aug 23 00:03:13 mail sshd\[1734\]: Failed password for root from 218.92.0.204 port 10500 ssh2

Aug 22 22:19:08 web8 sshd\[4774\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.86.179.186  user=nobody
Aug 22 22:19:10 web8 sshd\[4774\]: Failed password for nobody from 92.86.179.186 port 37206 ssh2
Aug 22 22:23:31 web8 sshd\[6901\]: Invalid user contas from 92.86.179.186
Aug 22 22:23:31 web8 sshd\[6901\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.86.179.186
Aug 22 22:23:33 web8 sshd\[6901\]: Failed password for invalid user contas from 92.86.179.186 port 54702 ssh2

$f2bV_matches

Aug 22 22:05:23 vps sshd\[18456\]: Invalid user dave from 104.238.116.94
Aug 22 22:09:05 vps sshd\[18544\]: Invalid user jeffb from 104.238.116.94
...