Oct 14 01:32:29 santamaria sshd\[17280\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.138.1  user=root
Oct 14 01:32:30 santamaria sshd\[17280\]: Failed password for root from 51.178.138.1 port 41596 ssh2
Oct 14 01:42:29 santamaria sshd\[17481\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.138.1  user=root
...

Oct  1 02:19:42 vlre-nyc-1 sshd\[31687\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.138.1  user=root
Oct  1 02:19:44 vlre-nyc-1 sshd\[31687\]: Failed password for root from 51.178.138.1 port 42262 ssh2
Oct  1 02:29:37 vlre-nyc-1 sshd\[31894\]: Invalid user ubuntu from 51.178.138.1
Oct  1 02:29:37 vlre-nyc-1 sshd\[31894\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.138.1
Oct  1 02:29:39 vlre-nyc-1 sshd\[31894\]: Failed password for invalid user ubuntu from 51.178.138.1 port 53836 ssh2
Oct  1 02:34:00 vlre-nyc-1 sshd\[31957\]: Invalid user ftpuser from 51.178.138.1
Oct  1 02:34:00 vlre-nyc-1 sshd\[31957\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.138.1
Oct  1 02:34:02 vlre-nyc-1 sshd\[31957\]: Failed password for invalid user ftpuser from 51.178.138.1 port 32914 ssh2
Oct  1 02:38:12 vlre-nyc-1 sshd\[32010\]: Invalid user w
...

Oct  3 13:04:46 124388 sshd[18927]: Invalid user erp from 51.178.138.1 port 36296
Oct  3 13:04:46 124388 sshd[18927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.138.1
Oct  3 13:04:46 124388 sshd[18927]: Invalid user erp from 51.178.138.1 port 36296
Oct  3 13:04:48 124388 sshd[18927]: Failed password for invalid user erp from 51.178.138.1 port 36296 ssh2
Oct  3 13:09:12 124388 sshd[19152]: Invalid user postgres from 51.178.138.1 port 43800

Oct  3 09:23:58 ip-172-31-42-142 sshd\[27822\]: Invalid user allan from 51.178.138.1\
Oct  3 09:24:01 ip-172-31-42-142 sshd\[27822\]: Failed password for invalid user allan from 51.178.138.1 port 58830 ssh2\
Oct  3 09:27:59 ip-172-31-42-142 sshd\[27899\]: Invalid user usuario from 51.178.138.1\
Oct  3 09:28:02 ip-172-31-42-142 sshd\[27899\]: Failed password for invalid user usuario from 51.178.138.1 port 38544 ssh2\
Oct  3 09:32:25 ip-172-31-42-142 sshd\[27952\]: Invalid user dev from 51.178.138.1\

$f2bV_matches

Aug 22 05:46:23 ns382633 sshd\[9238\]: Invalid user teamspeak from 51.178.138.1 port 42492
Aug 22 05:46:23 ns382633 sshd\[9238\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.138.1
Aug 22 05:46:25 ns382633 sshd\[9238\]: Failed password for invalid user teamspeak from 51.178.138.1 port 42492 ssh2
Aug 22 05:56:20 ns382633 sshd\[10938\]: Invalid user adolfo from 51.178.138.1 port 57036
Aug 22 05:56:20 ns382633 sshd\[10938\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.138.1

Automatic report BANNED IP

Connection to SSH Honeypot - Detected by HoneypotDB

bruteforce detected

Jul 29 22:42:05 buvik sshd[2085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.138.1
Jul 29 22:42:08 buvik sshd[2085]: Failed password for invalid user tbjeong from 51.178.138.1 port 46228 ssh2
Jul 29 22:46:40 buvik sshd[2739]: Invalid user webdev from 51.178.138.1
...

Jul 29 02:09:34 server1 sshd\[15693\]: Invalid user sima from 51.178.138.1
Jul 29 02:09:34 server1 sshd\[15693\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.138.1 
Jul 29 02:09:36 server1 sshd\[15693\]: Failed password for invalid user sima from 51.178.138.1 port 48354 ssh2
Jul 29 02:13:48 server1 sshd\[19019\]: Invalid user zhangchunxu from 51.178.138.1
Jul 29 02:13:48 server1 sshd\[19019\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.138.1 
...

(sshd) Failed SSH login from 51.178.138.1 (FR/France/vps-fa71e64b.vps.ovh.net): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Jul 27 13:40:43 grace sshd[14934]: Invalid user mass from 51.178.138.1 port 34764
Jul 27 13:40:46 grace sshd[14934]: Failed password for invalid user mass from 51.178.138.1 port 34764 ssh2
Jul 27 13:51:50 grace sshd[16232]: Invalid user gpadmin from 51.178.138.1 port 44144
Jul 27 13:51:52 grace sshd[16232]: Failed password for invalid user gpadmin from 51.178.138.1 port 44144 ssh2
Jul 27 13:57:05 grace sshd[16887]: Invalid user avr from 51.178.138.1 port 58560

Jul 27 10:58:18 rotator sshd\[8676\]: Invalid user gangadhar from 51.178.138.1Jul 27 10:58:19 rotator sshd\[8676\]: Failed password for invalid user gangadhar from 51.178.138.1 port 49554 ssh2Jul 27 11:02:54 rotator sshd\[9551\]: Invalid user ftptest from 51.178.138.1Jul 27 11:02:56 rotator sshd\[9551\]: Failed password for invalid user ftptest from 51.178.138.1 port 33350 ssh2Jul 27 11:07:23 rotator sshd\[10358\]: Invalid user angie from 51.178.138.1Jul 27 11:07:26 rotator sshd\[10358\]: Failed password for invalid user angie from 51.178.138.1 port 45376 ssh2
...

2020-07-25T00:13:43.593041snf-827550 sshd[18503]: Invalid user lzhang from 51.178.138.1 port 46518
2020-07-25T00:13:44.914484snf-827550 sshd[18503]: Failed password for invalid user lzhang from 51.178.138.1 port 46518 ssh2
2020-07-25T00:21:27.333981snf-827550 sshd[18557]: Invalid user version from 51.178.138.1 port 39626
...

Jul 24 14:31:19 home sshd[468524]: Invalid user link from 51.178.138.1 port 33784
Jul 24 14:31:19 home sshd[468524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.138.1 
Jul 24 14:31:19 home sshd[468524]: Invalid user link from 51.178.138.1 port 33784
Jul 24 14:31:21 home sshd[468524]: Failed password for invalid user link from 51.178.138.1 port 33784 ssh2
Jul 24 14:36:00 home sshd[468933]: Invalid user greg from 51.178.138.1 port 46824
...

Jul 22 14:43:29 plex-server sshd[559466]: Invalid user frodo from 51.178.138.1 port 54804
Jul 22 14:43:29 plex-server sshd[559466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.138.1 
Jul 22 14:43:29 plex-server sshd[559466]: Invalid user frodo from 51.178.138.1 port 54804
Jul 22 14:43:31 plex-server sshd[559466]: Failed password for invalid user frodo from 51.178.138.1 port 54804 ssh2
Jul 22 14:48:05 plex-server sshd[561371]: Invalid user support from 51.178.138.1 port 39036
...

2020-07-10T14:30:01.748579vps773228.ovh.net sshd[28638]: Invalid user bowei from 51.178.138.1 port 42114
2020-07-10T14:30:01.757986vps773228.ovh.net sshd[28638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=vps-fa71e64b.vps.ovh.net
2020-07-10T14:30:01.748579vps773228.ovh.net sshd[28638]: Invalid user bowei from 51.178.138.1 port 42114
2020-07-10T14:30:04.389070vps773228.ovh.net sshd[28638]: Failed password for invalid user bowei from 51.178.138.1 port 42114 ssh2
2020-07-10T14:33:02.318388vps773228.ovh.net sshd[28662]: Invalid user billie from 51.178.138.1 port 33236
...

Invalid user zc from 51.178.138.1 port 55006

$f2bV_matches

Jun 25 13:13:03 jane sshd[5386]: Failed password for root from 51.178.138.1 port 35768 ssh2
...

2020-06-24T23:48:10.731036vps773228.ovh.net sshd[10497]: Failed password for invalid user sysadmin from 51.178.138.1 port 56422 ssh2
2020-06-24T23:51:43.950926vps773228.ovh.net sshd[10535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=vps-fa71e64b.vps.ovh.net  user=root
2020-06-24T23:51:45.481607vps773228.ovh.net sshd[10535]: Failed password for root from 51.178.138.1 port 56664 ssh2
2020-06-24T23:55:27.011910vps773228.ovh.net sshd[10620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=vps-fa71e64b.vps.ovh.net  user=root
2020-06-24T23:55:28.628113vps773228.ovh.net sshd[10620]: Failed password for root from 51.178.138.1 port 56922 ssh2
...

Invalid user librenms from 51.178.138.1 port 49756

Invalid user abc from 51.178.138.1 port 39734

(sshd) Failed SSH login from 51.178.138.1 (FR/France/vps-fa71e64b.vps.ovh.net): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Jun  2 22:06:45 elude sshd[32482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.138.1  user=root
Jun  2 22:06:47 elude sshd[32482]: Failed password for root from 51.178.138.1 port 43634 ssh2
Jun  2 22:22:27 elude sshd[2434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.138.1  user=root
Jun  2 22:22:29 elude sshd[2434]: Failed password for root from 51.178.138.1 port 42962 ssh2
Jun  2 22:26:43 elude sshd[3035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.138.1  user=root

Failed password for invalid user root from 51.178.138.1 port 52134 ssh2

SCAMMER FRAUD BASTARDE FICKTZ EUCH SCAMMER BETRÜGER BANDE 
Received: from app.inputcard.info (app.inputcard.info [51.178.138.80])
Date: Sat, 22 Aug 2020 12:08:11 +0000
Subject: Herzlichen =?utf-8?Q?Gl=C3=BCckwunsch!?= Sie wurden als Gewinner
 unseres monatlichen Amazon-Gewinnspiels gezogen
From: Samsung S20 Checkout 
Reply-To: info@inputcard.info

Herzlichen Glückwunsch!


Hallo  

Herzlichen Glückwunsch! Sie wurden als Gewinner unseres monatlichen Amazon-Gewinnspiels gezogen

Folgen Sie dem untenstehenden Link und entdecken Sie den Preis dieses Monats.
Bestätigen Sie Ihre Identität und geben Sie dann an, wohin wir Ihren Preis schicken sollen.

Unser gesamtes Amazon-Team gratuliert Ihnen ganz herzlich!


HIER KLICKEN

2020-06-28T14:08:42.738631randservbullet-proofcloud-66.localdomain sshd[12185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=vps-192d0a69.vps.ovh.net  user=root
2020-06-28T14:08:45.276776randservbullet-proofcloud-66.localdomain sshd[12185]: Failed password for root from 51.178.138.125 port 41902 ssh2
2020-06-28T14:25:04.351960randservbullet-proofcloud-66.localdomain sshd[12287]: Invalid user mhj from 51.178.138.125 port 57702
...

Jun 25 21:02:42 eventyay sshd[13410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.138.125
Jun 25 21:02:44 eventyay sshd[13410]: Failed password for invalid user infra from 51.178.138.125 port 56686 ssh2
Jun 25 21:05:45 eventyay sshd[13479]: Failed password for root from 51.178.138.125 port 55940 ssh2
...

Jun  9 11:16:30 vps sshd[30854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.138.125 
Jun  9 11:16:32 vps sshd[30854]: Failed password for invalid user suri from 51.178.138.125 port 43426 ssh2
Jun  9 11:22:06 vps sshd[31093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.138.125 
...

May 25 20:33:42 game-panel sshd[17449]: Failed password for root from 51.178.138.125 port 55868 ssh2
May 25 20:36:53 game-panel sshd[17603]: Failed password for root from 51.178.138.125 port 33446 ssh2

Invalid user lan from 51.178.138.125 port 54282

SSH Brute-Force. Ports scanning.

/var/log/messages:Jul  9 13:31:39 sanyalnet-cloud-vps audispd: node=sanyalnet-cloud-vps.freeddns.org type=CRYPTO_SESSION msg=audhostname(1562679099.160:25374): pid=5051 uid=0 auid=4294967295 ses=4294967295 msg='op=start direction=from-server cipher=aes256-ctr ksize=256 mac=hmac-sha1 pfs=ecdh-sha2-nistp256 spid=5052 suid=74 rport=27832 laddr=104.167.106.93 lport=23  exe="/usr/sbin/sshd" hostname=? addr=37.82.204.253 terminal=? res=success'
/var/log/messages:Jul  9 13:31:39 sanyalnet-cloud-vps audispd: node=sanyalnet-cloud-vps.freeddns.org type=CRYPTO_SESSION msg=audhostname(1562679099.164:25375): pid=5051 uid=0 auid=4294967295 ses=4294967295 msg='op=start direction=from-client cipher=aes256-ctr ksize=256 mac=hmac-sha1 pfs=ecdh-sha2-nistp256 spid=5052 suid=74 rport=27832 laddr=104.167.106.93 lport=23  exe="/usr/sbin/sshd" hostname=? addr=37.82.204.253 terminal=? res=success'
/var/log/messages:Jul  9 13:31:41 sanyalnet-cloud-vps fail2ban.filter[5252]: INFO [sshd] Found 37.........
-------------------------------

Honeypot attack, port: 23, PTR: 86-127-46-2.rdsnet.ro.

TCP port 8080 (HTTP) attempt blocked by firewall. [2019-07-09 15:41:16]

2019-07-09 08:21:51 H=(lloydinsulations.com) [103.207.38.153]:59992 I=[192.147.25.65]:25 F= rejected RCPT : RBL: found in thrukfz5b56tq6xao6odgdyjrq.zen.dq.spamhaus.net (127.0.0.2, 127.0.0.11, 127.0.0.4, 127.0.0.3) (https://www.spamhaus.org/sbl/query/SBLCSS)
2019-07-09 08:40:53 H=(lloydinsulations.com) [103.207.38.153]:52427 I=[192.147.25.65]:25 F= rejected RCPT : RBL: found in thrukfz5b56tq6xao6odgdyjrq.zen.dq.spamhaus.net (127.0.0.3, 127.0.0.4, 127.0.0.11, 127.0.0.2) (https://www.spamhaus.org/sbl/query/SBL378171)
2019-07-09 08:42:07 H=(lloydinsulations.com) [103.207.38.153]:54622 I=[192.147.25.65]:25 F= rejected RCPT : RBL: found in thrukfz5b56tq6xao6odgdyjrq.zen.dq.spamhaus.net (127.0.0.3, 127.0.0.4, 127.0.0.11, 127.0.0.2) (https://www.spamhaus.org/sbl/query/SBL378171)
...

@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-07-08 16:30:39,260 INFO [shellcode_manager] (14.183.40.132) no match, writing hexdump (374aa0bbf68a2bd2b52c1d996ab04bfa :2050705) - MS17010 (EternalBlue)

Honeypot attack, port: 23, PTR: host-41.233.233.187.tedata.net.

Honeypot attack, port: 445, PTR: PTR record not found

Telnet Server BruteForce Attack

Lines containing failures of 106.111.210.147
Jul  9 14:24:32 expertgeeks postfix/smtpd[25360]: connect from unknown[106.111.210.147]
Jul x@x


........
-----------------------------------------------
https://www.blocklist.de/en/view.html?ip=106.111.210.147

WordPress login Brute force / Web App Attack on client site.

Honeypot attack, port: 23, PTR: b3de4c19.virtua.com.br.

@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-07-08 16:25:20,907 INFO [shellcode_manager] (36.91.165.25) no match, writing hexdump (da5efc91a4fa7efca12eb350512b0000 :2168208) - MS17010 (EternalBlue)

#11367 - [92.51.242.60] Error: 550 5.7.1 Forged HELO hostname detected
#11367 - [92.51.242.60] Error: 550 5.7.1 Forged HELO hostname detected
#11367 - [92.51.242.60] Error: 550 5.7.1 Forged HELO hostname detected
#11367 - [92.51.242.60] Error: 550 5.7.1 Forged HELO hostname detected

........
-----------------------------------------------
https://www.blocklist.de/en/view.html?ip=92.51.242.60

WordPress wp-login brute force :: 212.232.41.148 0.088 BYPASS [09/Jul/2019:23:43:07  1000] www.[censored_4] "POST /wp-login.php HTTP/1.1" 200 3538 "https://[censored_4]/wp-login.php" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0"

web-1 [ssh] SSH Attack