Jan  9 20:54:40 sachi sshd\[29322\]: Invalid user admin from 167.99.65.138
Jan  9 20:54:40 sachi sshd\[29322\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.65.138
Jan  9 20:54:42 sachi sshd\[29322\]: Failed password for invalid user admin from 167.99.65.138 port 48780 ssh2
Jan  9 20:58:07 sachi sshd\[29641\]: Invalid user geoffrey from 167.99.65.138
Jan  9 20:58:07 sachi sshd\[29641\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.65.138

Unauthorized connection attempt detected from IP address 167.99.65.138 to port 2220 [J]

Invalid user lasick from 167.99.65.138 port 49876

Dec 24 14:59:03 cvbnet sshd[22126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.65.138 
Dec 24 14:59:05 cvbnet sshd[22126]: Failed password for invalid user maund from 167.99.65.138 port 60792 ssh2
...

Dec 24 07:17:44 legacy sshd[23543]: Failed password for root from 167.99.65.138 port 60680 ssh2
Dec 24 07:20:50 legacy sshd[23649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.65.138
Dec 24 07:20:51 legacy sshd[23649]: Failed password for invalid user admin from 167.99.65.138 port 58854 ssh2
...

Dec 23 17:01:30 icinga sshd[11615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.65.138
Dec 23 17:01:32 icinga sshd[11615]: Failed password for invalid user winna from 167.99.65.138 port 32828 ssh2
...

2019-12-23T09:36:59.386174vps751288.ovh.net sshd\[9141\]: Invalid user claas from 167.99.65.138 port 59790
2019-12-23T09:36:59.393962vps751288.ovh.net sshd\[9141\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.65.138
2019-12-23T09:37:01.468593vps751288.ovh.net sshd\[9141\]: Failed password for invalid user claas from 167.99.65.138 port 59790 ssh2
2019-12-23T09:43:16.130355vps751288.ovh.net sshd\[9201\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.65.138  user=root
2019-12-23T09:43:18.295051vps751288.ovh.net sshd\[9201\]: Failed password for root from 167.99.65.138 port 36774 ssh2

Dec 19 00:40:47 hpm sshd\[32441\]: Invalid user tavera from 167.99.65.138
Dec 19 00:40:47 hpm sshd\[32441\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.65.138
Dec 19 00:40:50 hpm sshd\[32441\]: Failed password for invalid user tavera from 167.99.65.138 port 40912 ssh2
Dec 19 00:46:55 hpm sshd\[593\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.65.138  user=root
Dec 19 00:46:57 hpm sshd\[593\]: Failed password for root from 167.99.65.138 port 46696 ssh2

Dec  9 11:13:09 wh01 sshd[21612]: Invalid user server from 167.99.65.138 port 58096
Dec  9 11:13:09 wh01 sshd[21612]: Failed password for invalid user server from 167.99.65.138 port 58096 ssh2
Dec  9 11:13:09 wh01 sshd[21612]: Received disconnect from 167.99.65.138 port 58096:11: Bye Bye [preauth]
Dec  9 11:13:09 wh01 sshd[21612]: Disconnected from 167.99.65.138 port 58096 [preauth]
Dec  9 11:25:00 wh01 sshd[22496]: Invalid user nagios from 167.99.65.138 port 44154
Dec  9 11:25:00 wh01 sshd[22496]: Failed password for invalid user nagios from 167.99.65.138 port 44154 ssh2
Dec  9 11:25:00 wh01 sshd[22496]: Received disconnect from 167.99.65.138 port 44154:11: Bye Bye [preauth]
Dec  9 11:25:00 wh01 sshd[22496]: Disconnected from 167.99.65.138 port 44154 [preauth]
Dec  9 11:51:07 wh01 sshd[24957]: Invalid user michelle from 167.99.65.138 port 45884
Dec  9 11:51:07 wh01 sshd[24957]: Failed password for invalid user michelle from 167.99.65.138 port 45884 ssh2
Dec  9 11:51:07 wh01 sshd[24957

2019-11-24 01:27:24 server sshd[53843]: Failed password for invalid user guest from 167.99.65.138 port 37940 ssh2

Nov 19 03:33:49 php1 sshd\[2958\]: Invalid user 123 from 167.99.65.138
Nov 19 03:33:49 php1 sshd\[2958\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.65.138
Nov 19 03:33:51 php1 sshd\[2958\]: Failed password for invalid user 123 from 167.99.65.138 port 33528 ssh2
Nov 19 03:37:58 php1 sshd\[3344\]: Invalid user anurag from 167.99.65.138
Nov 19 03:37:58 php1 sshd\[3344\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.65.138

[Aegis] @ 2019-11-11 17:43:31  0000 -> Multiple authentication failures.

2019-11-03T07:49:42.427463shield sshd\[23712\]: Invalid user qa from 167.99.65.138 port 57416
2019-11-03T07:49:42.431765shield sshd\[23712\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.65.138
2019-11-03T07:49:43.942159shield sshd\[23712\]: Failed password for invalid user qa from 167.99.65.138 port 57416 ssh2
2019-11-03T07:54:00.656400shield sshd\[25147\]: Invalid user Sun@123 from 167.99.65.138 port 38946
2019-11-03T07:54:00.662351shield sshd\[25147\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.65.138

Oct 21 22:50:07 ns381471 sshd[4509]: Failed password for root from 167.99.65.138 port 49536 ssh2
Oct 21 22:54:18 ns381471 sshd[4629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.65.138
Oct 21 22:54:20 ns381471 sshd[4629]: Failed password for invalid user yuanwd from 167.99.65.138 port 59170 ssh2

Oct 14 14:11:47 server sshd\[15895\]: User root from 167.99.65.138 not allowed because listed in DenyUsers
Oct 14 14:11:47 server sshd\[15895\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.65.138  user=root
Oct 14 14:11:49 server sshd\[15895\]: Failed password for invalid user root from 167.99.65.138 port 42900 ssh2
Oct 14 14:16:15 server sshd\[19992\]: User root from 167.99.65.138 not allowed because listed in DenyUsers
Oct 14 14:16:15 server sshd\[19992\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.65.138  user=root

Jun  4 23:50:47 server sshd\[155502\]: Invalid user ipsvial from 167.99.65.138
Jun  4 23:50:47 server sshd\[155502\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.65.138
Jun  4 23:50:49 server sshd\[155502\]: Failed password for invalid user ipsvial from 167.99.65.138 port 48934 ssh2
...

Oct  3 22:32:31 hanapaa sshd\[27447\]: Invalid user Password_123 from 167.99.65.138
Oct  3 22:32:31 hanapaa sshd\[27447\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.65.138
Oct  3 22:32:33 hanapaa sshd\[27447\]: Failed password for invalid user Password_123 from 167.99.65.138 port 40386 ssh2
Oct  3 22:36:59 hanapaa sshd\[27829\]: Invalid user 234@Wer from 167.99.65.138
Oct  3 22:36:59 hanapaa sshd\[27829\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.65.138

Oct  1 13:40:26 sachi sshd\[28177\]: Invalid user admin from 167.99.65.138
Oct  1 13:40:26 sachi sshd\[28177\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.65.138
Oct  1 13:40:27 sachi sshd\[28177\]: Failed password for invalid user admin from 167.99.65.138 port 46100 ssh2
Oct  1 13:45:04 sachi sshd\[28626\]: Invalid user ftptest from 167.99.65.138
Oct  1 13:45:04 sachi sshd\[28626\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.65.138

Sep 12 13:20:09 hcbb sshd\[12041\]: Invalid user upload from 167.99.65.138
Sep 12 13:20:09 hcbb sshd\[12041\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.65.138
Sep 12 13:20:12 hcbb sshd\[12041\]: Failed password for invalid user upload from 167.99.65.138 port 49904 ssh2
Sep 12 13:27:05 hcbb sshd\[12674\]: Invalid user postgres from 167.99.65.138
Sep 12 13:27:05 hcbb sshd\[12674\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.65.138

Sep  4 10:12:55 php2 sshd\[3177\]: Invalid user yale from 167.99.65.138
Sep  4 10:12:55 php2 sshd\[3177\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.65.138
Sep  4 10:12:57 php2 sshd\[3177\]: Failed password for invalid user yale from 167.99.65.138 port 47412 ssh2
Sep  4 10:17:55 php2 sshd\[3721\]: Invalid user gabytzu!@\#\$%\* from 167.99.65.138
Sep  4 10:17:55 php2 sshd\[3721\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.65.138

Aug  3 22:24:25 debian sshd\[20649\]: Invalid user natalie from 167.99.65.138 port 41168
Aug  3 22:24:25 debian sshd\[20649\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.65.138
...

SSH invalid-user multiple login attempts

2019-07-20T04:14:47.413097abusebot-6.cloudsearch.cf sshd\[17270\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.65.138  user=root

Apr 25 08:16:44 vtv3 sshd\[14843\]: Invalid user cmc from 167.99.65.138 port 59188
Apr 25 08:16:44 vtv3 sshd\[14843\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.65.138
Apr 25 08:16:46 vtv3 sshd\[14843\]: Failed password for invalid user cmc from 167.99.65.138 port 59188 ssh2
Apr 25 08:22:40 vtv3 sshd\[17636\]: Invalid user jt from 167.99.65.138 port 53160
Apr 25 08:22:40 vtv3 sshd\[17636\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.65.138
Apr 25 08:33:19 vtv3 sshd\[23251\]: Invalid user mqadmin from 167.99.65.138 port 43106
Apr 25 08:33:19 vtv3 sshd\[23251\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.65.138
Apr 25 08:33:21 vtv3 sshd\[23251\]: Failed password for invalid user mqadmin from 167.99.65.138 port 43106 ssh2
Apr 25 08:36:02 vtv3 sshd\[24795\]: Invalid user cv from 167.99.65.138 port 40592
Apr 25 08:36:02 vtv3 sshd\[24795\]: pam_unix\(s

Apr 25 08:16:44 vtv3 sshd\[14843\]: Invalid user cmc from 167.99.65.138 port 59188
Apr 25 08:16:44 vtv3 sshd\[14843\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.65.138
Apr 25 08:16:46 vtv3 sshd\[14843\]: Failed password for invalid user cmc from 167.99.65.138 port 59188 ssh2
Apr 25 08:22:40 vtv3 sshd\[17636\]: Invalid user jt from 167.99.65.138 port 53160
Apr 25 08:22:40 vtv3 sshd\[17636\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.65.138
Apr 25 08:33:19 vtv3 sshd\[23251\]: Invalid user mqadmin from 167.99.65.138 port 43106
Apr 25 08:33:19 vtv3 sshd\[23251\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.65.138
Apr 25 08:33:21 vtv3 sshd\[23251\]: Failed password for invalid user mqadmin from 167.99.65.138 port 43106 ssh2
Apr 25 08:36:02 vtv3 sshd\[24795\]: Invalid user cv from 167.99.65.138 port 40592
Apr 25 08:36:02 vtv3 sshd\[24795\]: pam_unix\(s

Apr 25 08:16:44 vtv3 sshd\[14843\]: Invalid user cmc from 167.99.65.138 port 59188
Apr 25 08:16:44 vtv3 sshd\[14843\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.65.138
Apr 25 08:16:46 vtv3 sshd\[14843\]: Failed password for invalid user cmc from 167.99.65.138 port 59188 ssh2
Apr 25 08:22:40 vtv3 sshd\[17636\]: Invalid user jt from 167.99.65.138 port 53160
Apr 25 08:22:40 vtv3 sshd\[17636\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.65.138
Apr 25 08:33:19 vtv3 sshd\[23251\]: Invalid user mqadmin from 167.99.65.138 port 43106
Apr 25 08:33:19 vtv3 sshd\[23251\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.65.138
Apr 25 08:33:21 vtv3 sshd\[23251\]: Failed password for invalid user mqadmin from 167.99.65.138 port 43106 ssh2
Apr 25 08:36:02 vtv3 sshd\[24795\]: Invalid user cv from 167.99.65.138 port 40592
Apr 25 08:36:02 vtv3 sshd\[24795\]: pam_unix\(s

SSH Brute-Forcing (ownc)

Jun 26 11:07:21 OPSO sshd\[5097\]: Invalid user capensis from 167.99.65.138 port 59924
Jun 26 11:07:21 OPSO sshd\[5097\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.65.138
Jun 26 11:07:22 OPSO sshd\[5097\]: Failed password for invalid user capensis from 167.99.65.138 port 59924 ssh2
Jun 26 11:09:08 OPSO sshd\[5211\]: Invalid user steamsrv from 167.99.65.138 port 48786
Jun 26 11:09:08 OPSO sshd\[5211\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.65.138

Jun 26 01:13:57 minden010 sshd[636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.65.138
Jun 26 01:13:59 minden010 sshd[636]: Failed password for invalid user arkse from 167.99.65.138 port 33366 ssh2
Jun 26 01:16:18 minden010 sshd[1568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.65.138
...

WordPress brute force

reported through recidive - multiple failed attempts(SSH)

Jun  3 22:10:44 mail sshd\[21321\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.65.240  user=root
Jun  3 22:10:46 mail sshd\[21321\]: Failed password for root from 167.99.65.240 port 43606 ssh2
Jun  3 22:14:21 mail sshd\[21341\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.65.240  user=root
...

SSH invalid-user multiple login try

Invalid user oracle from 167.99.65.240 port 44606

(sshd) Failed SSH login from 167.99.65.240 (SG/Singapore/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: May 11 20:45:45 srv sshd[32736]: Invalid user doru from 167.99.65.240 port 47424
May 11 20:45:47 srv sshd[32736]: Failed password for invalid user doru from 167.99.65.240 port 47424 ssh2
May 11 20:53:38 srv sshd[378]: Invalid user test from 167.99.65.240 port 38024
May 11 20:53:41 srv sshd[378]: Failed password for invalid user test from 167.99.65.240 port 38024 ssh2
May 11 20:57:14 srv sshd[459]: Invalid user trey from 167.99.65.240 port 37992

2020-04-24T14:44:37.987811sorsha.thespaminator.com sshd[20485]: Invalid user herbert from 167.99.65.240 port 36602
2020-04-24T14:44:39.250050sorsha.thespaminator.com sshd[20485]: Failed password for invalid user herbert from 167.99.65.240 port 36602 ssh2
...

Feb 12 22:25:11 dillonfme sshd\[9751\]: Invalid user ru from 167.99.65.79 port 59831
Feb 12 22:25:11 dillonfme sshd\[9751\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.65.79
Feb 12 22:25:14 dillonfme sshd\[9751\]: Failed password for invalid user ru from 167.99.65.79 port 59831 ssh2
Feb 12 22:30:48 dillonfme sshd\[9914\]: Invalid user diego from 167.99.65.79 port 55770
Feb 12 22:30:48 dillonfme sshd\[9914\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.65.79
...

Automatic report - Banned IP Access

Aug  4 02:44:09 localhost sshd\[29940\]: Invalid user norcon from 167.99.65.178 port 48736
Aug  4 02:44:09 localhost sshd\[29940\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.65.178
Aug  4 02:44:10 localhost sshd\[29940\]: Failed password for invalid user norcon from 167.99.65.178 port 48736 ssh2
Aug  4 02:49:15 localhost sshd\[30123\]: Invalid user jenns from 167.99.65.178 port 43482
Aug  4 02:49:15 localhost sshd\[30123\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.65.178
...

2019-07-31T01:08:53.517136abusebot.cloudsearch.cf sshd\[27461\]: Invalid user hko from 167.99.65.178 port 53364

WordPress brute force

1433/tcp
[2019-12-27]1pkt

Dec 27 06:29:07 marvibiene sshd[414]: Invalid user murro from 198.211.123.196 port 44294
Dec 27 06:29:07 marvibiene sshd[414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.211.123.196
Dec 27 06:29:07 marvibiene sshd[414]: Invalid user murro from 198.211.123.196 port 44294
Dec 27 06:29:09 marvibiene sshd[414]: Failed password for invalid user murro from 198.211.123.196 port 44294 ssh2
...

Dec 27 09:19:07 [host] sshd[8601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.136.155.136  user=dovecot
Dec 27 09:19:09 [host] sshd[8601]: Failed password for dovecot from 150.136.155.136 port 27295 ssh2
Dec 27 09:22:16 [host] sshd[8752]: Invalid user morse from 150.136.155.136

1577428121 - 12/27/2019 07:28:41 Host: 182.253.80.99/182.253.80.99 Port: 445 TCP Blocked

Dec 27 08:36:15 localhost sshd\[25613\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.229.6.9  user=root
Dec 27 08:36:16 localhost sshd\[25613\]: Failed password for root from 69.229.6.9 port 39678 ssh2
Dec 27 08:38:31 localhost sshd\[26099\]: Invalid user fluet from 69.229.6.9 port 56440

188.166.60.138 - - [27/Dec/2019:07:10:00 +0000] "POST /wp-login.php HTTP/1.1" 200 6393 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
188.166.60.138 - - [27/Dec/2019:07:10:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
...

Unauthorized connection attempt from IP address 14.163.136.227 on Port 445(SMB)

23/tcp
[2019-12-27]1pkt

80.82.77.212 was recorded 14 times by 7 hosts attempting to connect to the following ports: 6144,6481,6346. Incident counter (4h, 24h, all-time): 14, 25, 1993

60001/tcp
[2019-12-27]1pkt

1433/tcp
[2019-12-27]1pkt

23/tcp
[2019-12-27]1pkt

Dec 27 09:05:44 sd-53420 sshd\[20542\]: User root from 222.186.175.181 not allowed because none of user's groups are listed in AllowGroups
Dec 27 09:05:44 sd-53420 sshd\[20542\]: Failed none for invalid user root from 222.186.175.181 port 32781 ssh2
Dec 27 09:05:44 sd-53420 sshd\[20542\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.175.181  user=root
Dec 27 09:05:46 sd-53420 sshd\[20542\]: Failed password for invalid user root from 222.186.175.181 port 32781 ssh2
Dec 27 09:05:50 sd-53420 sshd\[20542\]: Failed password for invalid user root from 222.186.175.181 port 32781 ssh2
...

$f2bV_matches

Invalid user from from 106.12.32.48 port 42696