Invalid user ubuntu from 220.176.204.91 port 14575

Invalid user ubuntu from 220.176.204.91 port 14575

Invalid user ubuntu from 220.176.204.91 port 14575

SSH bruteforce attack

Aug 20 08:56:45 ip106 sshd[5805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.176.204.91 
Aug 20 08:56:46 ip106 sshd[5805]: Failed password for invalid user admin123 from 220.176.204.91 port 22396 ssh2
...

2020-08-16 22:47:46,873 fail2ban.actions        [937]: NOTICE  [sshd] Ban 220.176.204.91
2020-08-16 23:25:27,398 fail2ban.actions        [937]: NOTICE  [sshd] Ban 220.176.204.91
2020-08-17 00:04:08,000 fail2ban.actions        [937]: NOTICE  [sshd] Ban 220.176.204.91
2020-08-17 00:38:45,481 fail2ban.actions        [937]: NOTICE  [sshd] Ban 220.176.204.91
2020-08-17 01:14:00,427 fail2ban.actions        [937]: NOTICE  [sshd] Ban 220.176.204.91
...

Aug 14 05:22:44 root sshd[24202]: Failed password for root from 220.176.204.91 port 9034 ssh2
Aug 14 05:30:46 root sshd[25522]: Failed password for root from 220.176.204.91 port 53290 ssh2
...

Aug  1 09:35:46 vm1 sshd[8764]: Failed password for root from 220.176.204.91 port 60775 ssh2
...

Jul 30 08:57:06 NPSTNNYC01T sshd[25505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.176.204.91
Jul 30 08:57:08 NPSTNNYC01T sshd[25505]: Failed password for invalid user phinex from 220.176.204.91 port 11861 ssh2
Jul 30 09:01:59 NPSTNNYC01T sshd[25937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.176.204.91
...

Jul 27 23:14:14 vpn01 sshd[10915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.176.204.91
Jul 27 23:14:17 vpn01 sshd[10915]: Failed password for invalid user hhh from 220.176.204.91 port 51303 ssh2
...

SSH Brute-Forcing (server1)

prod11
...

20 attempts against mh-ssh on pluto

Jun 30 10:31:46 firewall sshd[25892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.176.204.91
Jun 30 10:31:46 firewall sshd[25892]: Invalid user ghost from 220.176.204.91
Jun 30 10:31:47 firewall sshd[25892]: Failed password for invalid user ghost from 220.176.204.91 port 33277 ssh2
...

"fail2ban match"

2001:0002:14:5:1:2:bf35:2610

[Mon Jun 07 15:29:53.882239 2021] [cgi:error] [client 203.248.175.71:39582] AH02811: script not found or unable to stat: /apache/apache2.4.46/cgi-bin/kerbynet

login failure for user admin from 95.172.59.182 via dude

PHISHING ATTACK
176.10.127.199 American Airlines Shopper Gift Card Chance@viscarofix.us - AmericanAirlinesShopperGiftOpportunity@viscarofix.us, Congratulations! You can get a $50 American Airlines gift card!, 2 Jun 2021
inetnum:        176.10.127.1 - 176.10.127.255
netname:        Speed-Net
country:        CH
Other emails from same group
176.10.127.165 Moderna Shopper Gift Card Chance@viscarofix.us - ModernaShopperFeedback@viscarofix.us, Congratulations! You can get a $50 Moderna gift card!, 2 Jun 2021
176.10.127.199 American Airlines Shopper Gift Card Chance@viscarofix.us - AmericanAirlinesShopperGiftOpportunity@viscarofix.us, Congratulations! You can get a $50 American Airlines gift card!, 2 Jun 2021

PHISHING AND SPAM ATTACK
69.65.62.70   123Greetings - specials@123g.biz - Does This Fat Molecule Cause Diabetes?, 9 Jun 2021
OrgName:        GigeNET
NetRange:       69.65.0.0 - 69.65.63.255
Other emails from same group
69.65.62.70   123Greetings - specials@123g.biz - Does This Fat Molecule Cause Diabetes?, 9 Jun 2021
69.65.62.75   123Greetings - specials@123g.biz - This Firefighter's Secret Relaxes Blood Pressure, Wed, 21 Apr 2021
69.65.62.76   123Greetings - specials@123g.biz - How To Treat Toenail Fungus, According To Doctors, Mon, 3 May 2021
69.65.62.80   123Greetings - specials@123g.biz - Miracle Ingredients Reverse Type II Diabetes, Wed, 14 Apr 2021
69.65.62.81	   123Greetings - specials@123g.biz - This Firefighter's Secret Relaxes Blood Pressure, Thu, 06 May 2021
69.65.62.87   123Greetings - specials@123g.biz - Deadly Brain Disease That Can Happen To Anyone, Tue, 20 Apr 2021 
69.65.62.112  123Greetings - specials@123g.biz - This Firefighter's Secret Relaxes Blood Pressure, Sat, 17 Apr 2021
NOTE Take care with cards from 123Greetings.com, it uses 69.65.62.0/25 as above

UFW BLOCK

Unauthorized connection attempt from IP address 136.232.239.130 on Port 445(SMB)

gg

PHISHING ATTACK
104.223.155.206 Diabetes Treatment - alaina@branizericing.top - 10% of Diabetics eventually need Amputation - Root cause of Diabetes & and how we stop it 10% of Diabetics eventually need Amputation - Root cause of Diabetes & and how we stop it [Opportunity-Removed], Tue, 18 May 2021
OrgName: 	LayerHost
NetRange:       23.247.0.0 - 23.247.127.255
NetRange:       103.73.156.0 - 103.73.156.255
NetRange:       104.148.0.0 - 104.148.127.255
NetRange:       104.223.128.0 - 104.223.255.255
NetRange:       107.179.0.0 - 107.179.127.255
NetRange:       134.73.0.0 - 134.73.255.255
NetRange:       157.52.128.0 - 157.52.255.255
Other emails from same group
104.148.6.239 Cinnamon -iris@coliseum.top- FALSE: Fat + People + Cinnamon Bark = People + Cinnamon Tea, Thu, 15 Apr 2021
104.223.155.206 Diabetes Treatment - alaina@branizericing.top - 10% of Diabetics eventually need Amputation - Root cause of Diabetes & and how we stop it 10% of Diabetics eventually need Amputation - Root cause of Diabetes & and how we stop it [Opportunity-Removed], Tue, 18 May 2021

107.179.121.6   60 sec Prostate cure -juniper@inusintering.top-  -sydney@zapster.top- [Until-6AM] Heart health … Prostate health: A unique partnership - Prostate Health: Know the Facts Heart health … Prostate health: A unique partnership - Prostate Health: Know the Facts [90Sec-Video], Fri, 14 May 2021
107.179.127.158 Biden Brain Hacks - eden@dard.top - Russians developed secret brain enhancement drugs during the USSR. Now college kids..., Sun, 2 May 2021

134.73.88.85 Alexandria Crandall - alexandria.crandall@ackbrogrum.top - [DeleteMe] Once in a lifetime discovery - Shed 30lbs in 4 weeks with no exercise or diet fads Once in a lifetime discovery - Shed 30lbs in 4 weeks with no exercise or diet fads, Fri, 14 May 2021
134.73.88.80   Dentist Saver -arya@aritionated.top- Rebuild Your Teeth and Gums (And Get Rid of Tooth Decay), Sat, 15 May 2021

PHISHING AND SPAM ATTACK
185.222.57.143  Mr. Ayman Shareef - sami@nooralshomoe.com, Shipment,  14 Jun 2021
person:    	K.M. Badrul Alam
address:   	Naherins Domain, 134/7 B, Furfura Sharif Road, Darus Salam
inetnum:   	45.128.0.0 - 45.159.255.255
		185.222.57.0 - 185.222.57.255
Other emails from same group are listed below as PHISHING AND SPAM ATTACK as well as; 
45.137.22.37 Engr. Ghazanfar Raza - ghazanfar@sgbmdxb.com - NEW ORDER, 17 May 2021 
45.137.22.37 M. Ahmed Bilwani - editorial@thejakartapost.com - OUTSTANDING PAYMENT REMINDER, 17 May 2021
45.137.22.44 Barbara Liu liuli.hgxs@sinopec.com, Req Invoice, 27 May 2021
185.222.57.140  FUKUSEN (SALES DEPT) - fukusen-ikari@alpha.ocn.ne.jp - RE: Confirmation Order for PO # B18024091/02730918, 4 May 2021 21:38:19
185.222.57.140 Julie shi - shifulan@sinotrans.com - RE: SATEMENT OF ACCOUNT, 5 May 2021
185.222.57.140 Jason Kim - jason@wscorporation.co.kr - Enquiry # A87983T - Fittings and Flanges for LNG project, 30 Apr 2021
185.222.57.140 Jason Kim - jason@wscorporation.co.kr - Enquiry # A87983T - Fittings and Flanges for LNG project, Mon, 26 Apr 2021
185.222.57.140 Jason Kim - jason@wscorporation.co.kr - Enquiry # A87983T - Fittings and Flanges for LNG project, Sun, 25 Apr 2021
185.222.57.140 Magdi Amin - areej@alamalcargo.com - RE: New Order, 6 May 2021
185.222.57.143  Mr. Ahmed Bilwani - daniel.robinson@compelo.com, OUTSTANDING PAYMENT REMINDER, 13 Jun 2021
185.222.57.143  Barbara Liu / 刘莉 - liuli.hgxs"@sinopec.com, Payment confirmation,  13 Jun 2021

PHISHING AND SPAM ATTACK
185.222.57.143  Mr. A hmed Bilwani - daniel.robinson@compelo.com, OUTSTANDING PAYMENT REMINDER, 13 Jun 2021
person:    	K.M. Badrul Alam
address:   Naherins Domain, 134/7 B, Furfura Sharif Road, Darus Salam
inetnum:   45.128.0.0 - 45.159.255.255
	185.222.57.0 - 185.222.57.255
Other emails from same group are listed below as PHISHING AND SPAM ATTACK as well as; 
45.137.22.37 Engr. Ghazanfar Raza - ghazanfar@sgbmdxb.com - NEW ORDER, 17 May 2021 
45.137.22.37 M. Ahmed Bilwani - editorial@thejakartapost.com - OUTSTANDING PAYMENT REMINDER, 17 May 2021
45.137.22.44 Barbara Liu liuli.hgxs@sinopec.com, Req Invoice, 27 May 2021
185.222.57.140  FUKUSEN (SALES DEPT) - fukusen-ikari@alpha.ocn.ne.jp - RE: Confirmation Order for PO # B18024091/02730918, 4 May 2021 21:38:19
185.222.57.140 Julie shi - shifulan@sinotrans.com - RE: SATEMENT OF ACCOUNT, 5 May 2021
185.222.57.140 Jason Kim - jason@wscorporation.co.kr - Enquiry # A87983T - Fittings and Flanges for LNG project, 30 Apr 2021
185.222.57.140 Jason Kim - jason@wscorporation.co.kr - Enquiry # A87983T - Fittings and Flanges for LNG project, Mon, 26 Apr 2021
185.222.57.140 Jason Kim - jason@wscorporation.co.kr - Enquiry # A87983T - Fittings and Flanges for LNG project, Sun, 25 Apr 2021
185.222.57.140 Magdi Amin - areej@alamalcargo.com - RE: New Order, 6 May 2021

2001:0002:14:5:1:2:bf35:2610

PHISHING AND SPAM ATTACK
89.33.194.46  Ford Puma - info@ticketone.buzz, Drive's Car of the Year Best Light SUV. Book a TEST DRIVE, 07 Jun 2021 
inetnum:        89.33.194.0 - 89.33.194.255
netname:        VPSOPENVZ-D
org:            ORG-VS171-RIPE
country:        RO

PHISHING AND SPAM ATTACK
31.210.22.67 American Airlines Shopper Gift Opportunity@edelixir.buzz - AmericanAirlinesOpinionRequested@edelixir.buzz, Shopper, You can qualify to get a $50 American Airlines gift card!, 8 Jun 2021 
netname: 	SERVER-31-210-22-0 country: NL, netname: SERVER-185-239-242-0 country: NL
NetRange:       31.210.22.0 - 31.210.23.255
NetRange:       185.239.242.0 - 185.239.242.255 
Other emails from same group
31.210.22.10 Miraculous Solution - MiraculousSolution@moskintorpro.us, 1 morning drink RESETS high blood sugar?, 8 Jun 2021 
31.210.22.67 American Airlines Shopper Gift Opportunity@edelixir.buzz - AmericanAirlinesOpinionRequested@edelixir.buzz, Shopper, You can qualify to get a $50 American Airlines gift card!, 8 Jun 2021 
31.210.22.81 ReverseMortgageQuiz -ReverseMortgageQuiz@probiotic.guru- Take this quiz to see if you qualify for a reverse mortgage  Sat, 10 Apr 2021
185.239.242.73 Divine Locks Method -DivineLocksMethod@heaterwood.buzz- Divine Locks Method for revitalizing your thick, full and youthful hair. Sat, 10 Apr 2021   
185.239.242.82 Soul-Mate -Soulmate@savagehut.us- Want to Meet Your Soulmate? Sun, 11 Apr 2021 
185.239.242.122 Sugar Control Remedies@savagegroww.us - SugarControlRemedies@savagegroww.us -  4 Year Old SAVES Grandpa From Diabetes Type 2, Sat, 17 Apr 2021

PHISHING ATTACK
91.214.71.117 Auto-trading program - etbodyb@belgum-hotel.be - New cryptocurrency auto-trading program, Mon, 19 Apr 2021
1.	inetnum:        62.173.149.0 - 62.173.149.255
	netname:        RU-PLANETAHOST
	descr:          JSC Planetahost
2.	inetnum:        91.214.68.0 - 91.214.71.255
	org-name:       ArtPlanet LLC
	country:        RU
3. 	inetnum:        213.202.208.0 - 213.202.208.255
	netname:        MYLOC-WEBTROPIA-ADD-02
	descr:          Additional IPs for webtropia.com hosts	
Other emails from same group
62.173.149.187  Australia citizens - omqoryz@belgum-hotel.be - Using this "wealth loophole", Thu, 20 May 2021 03:47:03
91.214.71.117 Auto-trading program - etbodyb@belgum-hotel.be - New cryptocurrency auto-trading program, Mon, 19 Apr 2021
213.202.208.175 Australia citizens - unvesty@gotorinshotel.nrw - Using this "wealth loophole", Tue, 18 May 2021 05:10:07