WordPress wp-login brute force :: 2607:5300:60:359c::1 0.048 BYPASS [02/Aug/2019:09:26:27  1000] [censored_4] "POST /wp-login.php HTTP/1.1" 200 3989 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"

Triggered by Fail2Ban at Ares web server

Mar 21 08:09:58 dallas01 sshd[5779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.61.58.227
Mar 21 08:10:01 dallas01 sshd[5779]: Failed password for invalid user mc from 182.61.58.227 port 43662 ssh2
Mar 21 08:12:59 dallas01 sshd[6198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.61.58.227

Invalid user upload from 217.182.33.33 port 46878

Invalid user ti from 177.140.170.98 port 40728

Invalid user ud from 45.66.62.7 port 58440

Invalid user sirle from 101.251.68.232 port 43458

$f2bV_matches_ltvn

Mar 21 15:46:38 Ubuntu-1404-trusty-64-minimal sshd\[18046\]: Invalid user sgdgss from 123.140.114.252
Mar 21 15:46:38 Ubuntu-1404-trusty-64-minimal sshd\[18046\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.140.114.252
Mar 21 15:46:41 Ubuntu-1404-trusty-64-minimal sshd\[18046\]: Failed password for invalid user sgdgss from 123.140.114.252 port 60332 ssh2
Mar 21 15:59:55 Ubuntu-1404-trusty-64-minimal sshd\[26508\]: Invalid user caterina from 123.140.114.252
Mar 21 15:59:55 Ubuntu-1404-trusty-64-minimal sshd\[26508\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.140.114.252

Invalid user lelani from 46.235.26.92 port 55244

Invalid user upload from 202.139.192.142 port 47097

Invalid user irc from 68.74.118.152 port 37504

Mar 21 15:10:44 124388 sshd[1085]: Invalid user instrume from 220.88.1.208 port 42265
Mar 21 15:10:44 124388 sshd[1085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.88.1.208
Mar 21 15:10:44 124388 sshd[1085]: Invalid user instrume from 220.88.1.208 port 42265
Mar 21 15:10:46 124388 sshd[1085]: Failed password for invalid user instrume from 220.88.1.208 port 42265 ssh2
Mar 21 15:12:05 124388 sshd[1094]: Invalid user frontrow from 220.88.1.208 port 52607

Mar 21 15:59:46 dev0-dcde-rnet sshd[21751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.142.241.175
Mar 21 15:59:48 dev0-dcde-rnet sshd[21751]: Failed password for invalid user ebba from 188.142.241.175 port 35321 ssh2
Mar 21 16:09:12 dev0-dcde-rnet sshd[21929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.142.241.175

SSH Brute Force

Dear Ms.  ;
We compromised your devices and we have all your information related to your personal life and your adventures during travels (you know exactly what we mean). You have 24 hours to pay 50 USD, we do not want to expose you since we do not have any benefit doing troubles. We will delete everything related to you and leave you alone (sure 50 USD means nothing to you). If you want to contact the police you are free to do so and we are free to expose you too. We are not criminals, we just need some money, so be gentle and everything will pass safely for you. See how deep we know about you, if you want more we will email your advantures to your relatives:
Pay the 50 USD to XMR (if you face problems pay using Bitcoin) (find out in Google how to):
XMR: 46JJs5ttxR9jdNR2jmNiAbX5QtK3M9faBPPhh7WQwvrs8NLFpsagtZ3gnA6K6pSrm53JefbXGok6GTn7UexPHSBC2w2aN6j
Bitcoin: 3NQCHf924JYzU2LfziVpfrX9cvJGwTCmvi
You can buy XMR from https://localmonero.co/.

Received: from cmgw14.unifiedlayer.com (unknown [66.147.244.17])
	by soproxy11.mail.unifiedlayer.com (Postfix) with ESMTP id 3C4AB24B488
	for ; Fri, 20 Mar 2020 19:25:26 -0600 (MDT)
Received: from md-26.webhostbox.net ([208.91.199.22])
	by cmsmtp with ESMTP
	id FStBj4x60KxvrFStCj7sth; Fri, 20 Mar 2020 19:25:26 -0600