Jul 25 03:50:45 george sshd[29775]: Failed password for invalid user ftp from 5.196.4.222 port 40020 ssh2
Jul 25 03:55:14 george sshd[30305]: Invalid user cache from 5.196.4.222 port 53960
Jul 25 03:55:14 george sshd[30305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.196.4.222 
Jul 25 03:55:16 george sshd[30305]: Failed password for invalid user cache from 5.196.4.222 port 53960 ssh2
Jul 25 03:59:31 george sshd[31495]: Invalid user website from 5.196.4.222 port 39654
...

Jul 24 06:40:07 ip106 sshd[18768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.196.4.222 
Jul 24 06:40:08 ip106 sshd[18768]: Failed password for invalid user feng from 5.196.4.222 port 38426 ssh2
...

Jul 17 06:19:46 master sshd[17125]: Failed password for invalid user cmo from 5.196.4.222 port 59906 ssh2
Jul 17 06:30:01 master sshd[17310]: Failed password for invalid user aster from 5.196.4.222 port 40874 ssh2
Jul 17 06:34:45 master sshd[17345]: Failed password for invalid user ike from 5.196.4.222 port 56256 ssh2
Jul 17 06:39:06 master sshd[17362]: Failed password for invalid user trade from 5.196.4.222 port 43414 ssh2
Jul 17 06:43:12 master sshd[17382]: Failed password for invalid user girish from 5.196.4.222 port 58794 ssh2
Jul 17 06:47:45 master sshd[17418]: Failed password for invalid user nexus from 5.196.4.222 port 45928 ssh2
Jul 17 06:52:29 master sshd[17439]: Failed password for invalid user doc from 5.196.4.222 port 33064 ssh2
Jul 17 06:56:54 master sshd[17459]: Failed password for invalid user vmware from 5.196.4.222 port 48444 ssh2
Jul 17 07:01:25 master sshd[17504]: Failed password for invalid user qwe from 5.196.4.222 port 35594 ssh2

IP was detected trying to Brute-Force SSH, FTP, Web Apps, Port-Scan or Hacking.

Feb 16 23:19:32 srv-ubuntu-dev3 sshd[41887]: Invalid user mongo from 5.196.42.123
Feb 16 23:19:32 srv-ubuntu-dev3 sshd[41887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.196.42.123
Feb 16 23:19:32 srv-ubuntu-dev3 sshd[41887]: Invalid user mongo from 5.196.42.123
Feb 16 23:19:34 srv-ubuntu-dev3 sshd[41887]: Failed password for invalid user mongo from 5.196.42.123 port 59360 ssh2
Feb 16 23:22:43 srv-ubuntu-dev3 sshd[42174]: Invalid user tomcat from 5.196.42.123
Feb 16 23:22:43 srv-ubuntu-dev3 sshd[42174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.196.42.123
Feb 16 23:22:43 srv-ubuntu-dev3 sshd[42174]: Invalid user tomcat from 5.196.42.123
Feb 16 23:22:44 srv-ubuntu-dev3 sshd[42174]: Failed password for invalid user tomcat from 5.196.42.123 port 45902 ssh2
Feb 16 23:25:45 srv-ubuntu-dev3 sshd[42437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.196.42
...

Invalid user salaun from 5.196.42.123 port 48472

Jan 14 06:29:33 ns41 sshd[21893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.196.42.123
Jan 14 06:29:33 ns41 sshd[21893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.196.42.123

Unauthorized connection attempt detected from IP address 5.196.42.123 to port 2220 [J]

Dec 30 13:47:46 v22018086721571380 sshd[1404]: Failed password for invalid user roloff from 5.196.42.123 port 53810 ssh2
Dec 30 13:50:55 v22018086721571380 sshd[1644]: Failed password for invalid user mysql from 5.196.42.123 port 41615 ssh2

3x Failed Password

Dec 24 08:13:07 SilenceServices sshd[24248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.196.42.123
Dec 24 08:13:09 SilenceServices sshd[24248]: Failed password for invalid user server from 5.196.42.123 port 42264 ssh2
Dec 24 08:20:33 SilenceServices sshd[26410]: Failed password for backup from 5.196.42.123 port 38100 ssh2

Nov  9 20:42:52 eddieflores sshd\[18152\]: Invalid user admin from 5.196.45.33
Nov  9 20:42:52 eddieflores sshd\[18152\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=jco.granux.fr
Nov  9 20:42:54 eddieflores sshd\[18152\]: Failed password for invalid user admin from 5.196.45.33 port 57700 ssh2
Nov  9 20:46:28 eddieflores sshd\[18431\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=jco.granux.fr  user=root
Nov  9 20:46:30 eddieflores sshd\[18431\]: Failed password for root from 5.196.45.33 port 38718 ssh2

Nov  1 07:23:45 SilenceServices sshd[28407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.196.45.33
Nov  1 07:23:47 SilenceServices sshd[28407]: Failed password for invalid user theodore from 5.196.45.33 port 39248 ssh2
Nov  1 07:27:30 SilenceServices sshd[4296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.196.45.33

Attempted Brute Force (dovecot)

Sep 16 20:45:37 mail.srvfarm.net postfix/smtps/smtpd[3651758]: warning: unknown[13.75.92.25]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Sep 16 20:47:14 mail.srvfarm.net postfix/smtps/smtpd[3650008]: warning: unknown[13.75.92.25]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Sep 16 20:48:52 mail.srvfarm.net postfix/smtps/smtpd[3650008]: warning: unknown[13.75.92.25]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Sep 16 20:50:29 mail.srvfarm.net postfix/smtps/smtpd[3651112]: warning: unknown[13.75.92.25]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Sep 16 20:52:07 mail.srvfarm.net postfix/smtps/smtpd[3651758]: warning: unknown[13.75.92.25]: SASL LOGIN authentication failed: UGFzc3dvcmQ6

Invalid user admin from 43.229.153.81 port 43437

Sep 16 18:22:56 mail.srvfarm.net postfix/smtpd[3597748]: warning: unknown[191.240.112.249]: SASL PLAIN authentication failed: 
Sep 16 18:22:56 mail.srvfarm.net postfix/smtpd[3597748]: lost connection after AUTH from unknown[191.240.112.249]
Sep 16 18:29:06 mail.srvfarm.net postfix/smtpd[3585658]: warning: unknown[191.240.112.249]: SASL PLAIN authentication failed: 
Sep 16 18:29:07 mail.srvfarm.net postfix/smtpd[3585658]: lost connection after AUTH from unknown[191.240.112.249]
Sep 16 18:29:14 mail.srvfarm.net postfix/smtps/smtpd[3600011]: warning: unknown[191.240.112.249]: SASL PLAIN authentication failed:

failed_logins

Portscan detected

Sep 16 20:46:11 mail.srvfarm.net postfix/smtps/smtpd[3651757]: warning: unknown[52.228.35.164]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Sep 16 20:47:30 mail.srvfarm.net postfix/smtps/smtpd[3653361]: warning: unknown[52.228.35.164]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Sep 16 20:48:51 mail.srvfarm.net postfix/smtps/smtpd[3651641]: warning: unknown[52.228.35.164]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Sep 16 20:50:12 mail.srvfarm.net postfix/smtps/smtpd[3651642]: warning: unknown[52.228.35.164]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Sep 16 20:51:33 mail.srvfarm.net postfix/smtps/smtpd[3653361]: warning: unknown[52.228.35.164]: SASL LOGIN authentication failed: UGFzc3dvcmQ6

(smtpauth) Failed SMTP AUTH login from 89.248.171.89 (NL/Netherlands/backupdatasolutions.com): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SMTPAUTH; Logs: 2020-09-17 05:30:04 dovecot_login authenticator failed for (User) [89.248.171.89]:25582: 535 Incorrect authentication data (set_id=sales@condosrosarito.com)
2020-09-17 05:31:28 dovecot_login authenticator failed for (User) [89.248.171.89]:34576: 535 Incorrect authentication data (set_id=sales@rosaritoensenadarace.com)
2020-09-17 05:34:12 dovecot_login authenticator failed for (User) [89.248.171.89]:47196: 535 Incorrect authentication data (set_id=sales@motelmarsellas.com)
2020-09-17 05:35:53 dovecot_login authenticator failed for (User) [89.248.171.89]:20620: 535 Incorrect authentication data (set_id=sales@myrosaritohotels.com)
2020-09-17 05:39:04 dovecot_login authenticator failed for (User) [89.248.171.89]:12794: 535 Incorrect authentication data (set_id=sales@costabellarosarito.com)

97.74.237.196 (US/United States/-), 5 distributed sshd attacks on account [root] in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_DISTATTACK; Logs: Sep 17 03:53:40 server5 sshd[19422]: Failed password for root from 84.2.226.70 port 46642 ssh2
Sep 17 03:56:08 server5 sshd[20285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.79.23.10  user=root
Sep 17 03:54:59 server5 sshd[19893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.45.150  user=root
Sep 17 03:55:01 server5 sshd[19893]: Failed password for root from 104.131.45.150 port 48142 ssh2
Sep 17 03:53:46 server5 sshd[19482]: Failed password for root from 97.74.237.196 port 35801 ssh2

IP Addresses Blocked:

84.2.226.70 (HU/Hungary/-)
177.79.23.10 (BR/Brazil/-)
104.131.45.150 (US/United States/-)

Sep 17 10:50:48 mail.srvfarm.net postfix/smtpd[4154548]: lost connection after STARTTLS from unknown[203.86.30.17]
Sep 17 10:50:50 mail.srvfarm.net postfix/smtpd[4154531]: NOQUEUE: reject: RCPT from unknown[203.86.30.17]: 450 4.7.1 : Helo command rejected: Host not found; from= to= proto=ESMTP helo=
Sep 17 10:53:57 mail.srvfarm.net postfix/smtpd[4154587]: lost connection after STARTTLS from unknown[203.86.30.17]
Sep 17 10:53:59 mail.srvfarm.net postfix/smtpd[4160189]: NOQUEUE: reject: RCPT from unknown[203.86.30.17]: 450 4.7.1 : Helo command rejected: Host not found; from= to= proto=ESMTP helo=
Sep 17 10:55:12 mail.srvfarm.net postfix/smtpd[4157771]: lost connection after STARTTLS from unknown[203.86.30.17]

Sep 16 18:54:28 ip106 sshd[19223]: Failed password for root from 45.80.64.230 port 43774 ssh2
...

Sep 16 18:21:57 mail.srvfarm.net postfix/smtpd[3597749]: warning: 189-23-85-177.netvale.psi.br[177.85.23.189]: SASL PLAIN authentication failed: 
Sep 16 18:21:57 mail.srvfarm.net postfix/smtpd[3597749]: lost connection after AUTH from 189-23-85-177.netvale.psi.br[177.85.23.189]
Sep 16 18:22:55 mail.srvfarm.net postfix/smtps/smtpd[3600946]: warning: 189-23-85-177.netvale.psi.br[177.85.23.189]: SASL PLAIN authentication failed: 
Sep 16 18:22:55 mail.srvfarm.net postfix/smtps/smtpd[3600946]: lost connection after AUTH from 189-23-85-177.netvale.psi.br[177.85.23.189]
Sep 16 18:23:27 mail.srvfarm.net postfix/smtpd[3585658]: warning: 189-23-85-177.netvale.psi.br[177.85.23.189]: SASL PLAIN authentication failed:

$f2bV_matches

Sep 16 18:01:24 mail.srvfarm.net postfix/smtpd[3580293]: warning: unknown[201.218.138.131]: SASL PLAIN authentication failed: 
Sep 16 18:01:25 mail.srvfarm.net postfix/smtpd[3580293]: lost connection after AUTH from unknown[201.218.138.131]
Sep 16 18:05:04 mail.srvfarm.net postfix/smtps/smtpd[3580300]: warning: unknown[201.218.138.131]: SASL PLAIN authentication failed: 
Sep 16 18:05:05 mail.srvfarm.net postfix/smtps/smtpd[3580300]: lost connection after AUTH from unknown[201.218.138.131]
Sep 16 18:10:33 mail.srvfarm.net postfix/smtpd[3585657]: warning: unknown[201.218.138.131]: SASL PLAIN authentication failed:

Sep 17 10:28:55 web01.agentur-b-2.de dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=94.102.57.137, lip=185.118.198.210, session=
Sep 17 10:29:35 web01.agentur-b-2.de dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=94.102.57.137, lip=185.118.198.210, session=<4tgHL36vxv5eZjmJ>
Sep 17 10:30:32 web01.agentur-b-2.de dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=94.102.57.137, lip=185.118.198.210, session=
Sep 17 10:30:38 web01.agentur-b-2.de dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 6 secs): user=, method=PLAIN, rip=94.102.57.137, lip=185.118.198.210, session=<9SOMMn6vUoReZjmJ>
Sep 17 10:31:01 web01.agentur-b-2.de dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=