2604:a880:800:a1::325:1 - - [28/Aug/2020:06:04:58 -0600] "GET /wp-login.php HTTP/1.1" 301 476 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
...

20 attempts against mh-misbehave-ban on twig

Jul 19 12:13:44 dev0-dcde-rnet sshd[29093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.155.186
Jul 19 12:13:46 dev0-dcde-rnet sshd[29093]: Failed password for invalid user ti from 134.209.155.186 port 53778 ssh2
Jul 19 12:16:28 dev0-dcde-rnet sshd[29328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.155.186

07/19/2020-06:41:50.097090 193.32.161.147 Protocol: 6 ET DROP Dshield Block Listed Source group 1

Jul 19 09:46:48 ns382633 sshd\[18033\]: Invalid user stan from 106.13.98.132 port 53432
Jul 19 09:46:48 ns382633 sshd\[18033\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.98.132
Jul 19 09:46:50 ns382633 sshd\[18033\]: Failed password for invalid user stan from 106.13.98.132 port 53432 ssh2
Jul 19 09:51:45 ns382633 sshd\[18947\]: Invalid user godzilla from 106.13.98.132 port 38832
Jul 19 09:51:45 ns382633 sshd\[18947\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.98.132

Jul 19 00:42:16 dignus sshd[25310]: Failed password for invalid user utl from 124.158.164.146 port 33186 ssh2
Jul 19 00:47:04 dignus sshd[25791]: Invalid user mysql from 124.158.164.146 port 51070
Jul 19 00:47:04 dignus sshd[25791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.158.164.146
Jul 19 00:47:06 dignus sshd[25791]: Failed password for invalid user mysql from 124.158.164.146 port 51070 ssh2
Jul 19 00:52:02 dignus sshd[26348]: Invalid user huawei from 124.158.164.146 port 45286
...

Invalid user sjj from 51.254.100.56 port 38934

2020-07-19T08:15:48.328370upcloud.m0sh1x2.com sshd[13054]: Invalid user gregory from 212.47.233.253 port 50786

Jul 19 11:59:57 [host] sshd[18882]: Invalid user c
Jul 19 11:59:57 [host] sshd[18882]: pam_unix(sshd:
Jul 19 11:59:59 [host] sshd[18882]: Failed passwor

prod6
...

Jul 19 12:31:30 mail.srvfarm.net dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=93.174.93.25, lip=185.118.197.126, session=
Jul 19 12:32:01 mail.srvfarm.net dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=93.174.93.25, lip=185.118.197.126, session=
Jul 19 12:32:26 mail.srvfarm.net dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=93.174.93.25, lip=185.118.197.126, session=
Jul 19 12:33:03 mail.srvfarm.net dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=93.174.93.25, lip=185.118.197.126, session=<7b4c6siqrs1drl0Z>
Jul 19 12:34:14 mail.srvfarm.net dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=93.174.93.25, lip=

Jul 19 11:58:12 OPSO sshd\[12018\]: Invalid user wur from 27.115.62.134 port 48430
Jul 19 11:58:12 OPSO sshd\[12018\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.115.62.134
Jul 19 11:58:14 OPSO sshd\[12018\]: Failed password for invalid user wur from 27.115.62.134 port 48430 ssh2
Jul 19 12:03:29 OPSO sshd\[13451\]: Invalid user user from 27.115.62.134 port 21428
Jul 19 12:03:29 OPSO sshd\[13451\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.115.62.134

Jul 19 13:01:22 server sshd[38126]: Failed password for invalid user aru from 59.152.98.163 port 48724 ssh2
Jul 19 13:06:52 server sshd[42409]: Failed password for invalid user ute from 59.152.98.163 port 33060 ssh2
Jul 19 13:12:13 server sshd[46750]: Failed password for invalid user itg from 59.152.98.163 port 45632 ssh2

$f2bV_matches

Jul 19 12:53:32 vps sshd[700160]: Failed password for root from 112.85.42.172 port 7171 ssh2
Jul 19 12:53:36 vps sshd[700160]: Failed password for root from 112.85.42.172 port 7171 ssh2
Jul 19 12:53:39 vps sshd[700160]: Failed password for root from 112.85.42.172 port 7171 ssh2
Jul 19 12:53:42 vps sshd[700160]: Failed password for root from 112.85.42.172 port 7171 ssh2
Jul 19 12:53:45 vps sshd[700160]: Failed password for root from 112.85.42.172 port 7171 ssh2
...

$f2bV_matches