> The details of the abuse-complaint are as follows:
>
> 89.37.193.207: *2025-10-20 04:26*.*Categories:* Brute-Force, SSH.
> *Comment:* SSH brute force
> *2025-10-17 14:13*.*Categories:* Brute-Force, SSH.
> *Comment:* SG02-GC: SSH Brute Force from 89.37.193.207 at 2025-10-17
> 19:43:44 IST
> *2025-10-15 23:30*.*Categories:* Brute-Force, SSH.
> *Comment:* SSH brute force
> *2025-10-15 20:11*.*Categories:* Brute-Force.
> *Comment:* list.rtbh.com.tr report: tcp/0
> *2025-10-14 20:11*.*Categories:* Brute-Force.
> *Comment:* list.rtbh.com.tr report: tcp/0
> *2025-10-14 03:19*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-14T05:17:47.020243+02:00 rico-j sshd[1483769]:
> Connection from 89.37.193.207 port 32816 on 5.45.102.214 port 22 rdomain «»
> 2025-10-14T05:17:47.347738+02:00 rico-j sshd[1483769]: Invalid user user14
> from 89.37.193.207 port 32816 2025-10-14T05:19:00.602793+02:00 rico-j
> sshd[1484910]: Connection from 89.37.193.207 port 36852 on 5.45.102.214
> port 22 rdomain «» 2025-10-14T05:19:00.940340+02:00 rico-j sshd[1484910]:
> Invalid user karthik from 89.37.193.207 port 36852 …
> *2025-10-14 03:18*.*Categories:* Brute-Force, SSH.
> *Comment:* (sshd) Failed SSH login from 89.37.193.207 (RU/Russia/-): 5 in
> the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: Oct 13
> 22:14:51 14966 sshd[24656]: Invalid user tester from 89.37.193.207 port
> 45690 Oct 13 22:14:53 14966 sshd[24656]: Failed password for invalid user
> tester from 89.37.193.207 port 45690 ssh2 Oct 13 22:17:02 14966
> sshd[25042]: Invalid user mgeweb from 89.37.193.207 port 53822 Oct 13
> 22:17:04 14966 sshd[25042]: Failed password for invalid user mgeweb from
> 89.37.193.207 port 53822 ssh2 Oct 13 22:18:18 14966 sshd[25252]: Invalid
> user user14 from 89.37.193.207 port 40302
> *2025-10-14 03:14*.*Categories:* Brute-Force, SSH.
> *Comment:* Oct 14 16:12:57 mtl1 sshd-session[2797941]: Invalid user
> tester from 89.37.193.207 port 38488
> *2025-10-14 02:41*.*Categories:* Brute-Force, SSH.
> *Comment:* Oct 14 04:34:24 vmi291233 sshd[2303293]: Invalid user
> christine from 89.37.193.207 port 41740 Oct 14 04:35:38 vmi291233
> sshd[2303313]: Invalid user scott from 89.37.193.207 port 56802 Oct 14
> 04:39:10 vmi291233 sshd[2303427]: Invalid user sysadmin from 89.37.193.207
> port 52862 Oct 14 04:40:23 vmi291233 sshd[2303438]: Invalid user r from
> 89.37.193.207 port 43932 Oct 14 04:41:32 vmi291233 sshd[2303443]: Invalid
> user zdy from 89.37.193.207 port 53182
> *2025-10-14 02:40*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-14T02:35:14.047265+00:00 Linux07 sshd[501608]:
> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
> ruser= rhost=89.37.193.207 2025-10-14T02:35:16.055126+00:00 Linux07
> sshd[501608]: Failed password for invalid user scott from 89.37.193.207
> port 33122 ssh2 2025-10-14T02:36:26.682396+00:00 Linux07 sshd[504847]:
> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
> ruser= rhost=89.37.193.207 user=root 2025-10-14T02:36:28.575212+00:00
> Linux07 sshd[504847]: Failed password for root from 89.37.193.207 port
> 51224 ssh2 2025-10-14T02:37:34.644031+00:00 Linux07 sshd[507849]:
> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
> ruser= rhost=89.37.193.207 user=root 2025-10-14T02:37:36.536188+00:00
> Linux07 sshd[507849]: Failed password for root from 89.37.193.207 port
> 33322 ssh2 2025-10-14T02:38:46.515908+00:00 Linux07 sshd[510609]: Invalid
> user sysadmin from 89.37.193.207 port 57684
> 2025-10-14T02:38:46.518036+00:00 Linux07 …
> *2025-10-14 02:37*.*Categories:* Brute-Force, SSH.
> *Comment:* Oct 14 02:35:21 antti-vps2 sshd[744054]: Invalid user scott
> from 89.37.193.207 port 48554 Oct 14 02:36:33 antti-vps2 sshd[744227]:
> Connection from 89.37.193.207 port 43438 on 10.0.0.124 port 22 rdomain «»
> Oct 14 02:36:33 antti-vps2 sshd[744227]: User root from 89.37.193.207 not
> allowed because none of user’s groups are listed in AllowGroups Oct 14
> 02:37:42 antti-vps2 sshd[744429]: Connection from 89.37.193.207 port 58504
> on 10.0.0.124 port 22 rdomain «» Oct 14 02:37:42 antti-vps2 sshd[744429]:
> User root from 89.37.193.207 not allowed because none of user’s groups are
> listed in AllowGroups …
> *2025-10-14 02:35*.*Categories:* Brute-Force, SSH.
> *Comment:* DE902-V6-FFM: SSH Brute Force from 89.37.193.207 at 2025-10-14
> 08:05:46 IST
> *2025-10-14 02:34*.*Categories:* SSH.
> *Comment:* 89.37.193.207 banned on rtr — Threshold reached: 5 failures
> *2025-10-14 02:31*.*Categories:* Brute-Force, SSH.
> *Comment:* 89.37.193.207 (PL/Poland/-), 5 distributed sshd attacks on
> account [root] in the last 3600 secs; Ports: *; Direction: 1; Trigger:
> LF_DISTATTACK; Logs: Oct 13 21:31:16 15140 sshd[16333]:
> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
> ruser= rhost=209.74.66.170 user=root Oct 13 21:30:14 15140 sshd[16264]:
> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
> ruser= rhost=89.37.193.207 user=root Oct 13 21:30:16 15140 sshd[16264]:
> Failed password for root from 89.37.193.207 port 38370 ssh2 Oct 13 21:24:40
> 15140 sshd[15884]: pam_unix(sshd:auth): authentication failure; logname=
> uid=0 euid=0 tty=ssh ruser= rhost=4.224.36.103 user=root Oct 13 21:24:42
> 15140 sshd[15884]: Failed password for root from 4.224.36.103 port 46496
> ssh2 IP Addresses Blocked: 209.74.66.170 (US/United States/
> monarchianistic-embracery.vpsrdns.web-hosting.com)
> *2025-10-14 01:54*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-14T03:50:57.366308+02:00 axisverse
> sshd-session[2328220]: Invalid user ftproot from 89.37.193.207 port 50050
> 2025-10-14T03:53:21.997177+02:00 axisverse sshd-session[2332922]: Invalid
> user ftpuser from 89.37.193.207 port 53654 2025-10-14T03:54:35.191506+02:00
> axisverse sshd-session[2335276]: Invalid user lx from 89.37.193.207 port
> 37946 …
> *2025-10-14 01:51*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-14T02:51:00.545830+01:00 omega.nodes.sillydev.co.uk
> sshd[2769533]: Invalid user ftproot from 89.37.193.207 port 42084
> 2025-10-14T02:51:00.556579+01:00 omega.nodes.sillydev.co.uk
> sshd[2769533]: pam_unix(sshd:auth): authentication failure; logname= uid=0
> euid=0 tty=ssh ruser= rhost=89.37.193.207 2025-10-14T02:51:01.882799+01:00
> omega.nodes.sillydev.co.uk sshd[2769533]: Failed password for invalid
> user ftproot from 89.37.193.207 port 42084 ssh2 …
> *2025-10-14 01:50*.*Categories:* Brute-Force, SSH.
> *Comment:* Oct 14 03:46:51 [redacted] sshd[1462276]: Failed password for
> root from 89.37.193.207 port 37736 ssh2 Oct 14 03:50:19 [redacted]
> sshd[1462317]: Invalid user ftproot from 89.37.193.207 port 48880 …
> *2025-10-14 01:49*.*Categories:* Port Scan.
> *Comment:* ID: 5730368201 | PORT: 57545 |
> https://89-37-193-207.scanthe.net
> *2025-10-14 01:48*.*Categories:* Brute-Force, SSH.
> *Comment:* 89.37.193.207 (RU/Russia/-), 5 distributed sshd attacks on
> account [root] in the last 3600 secs; Ports: *; Direction: 1; Trigger:
> LF_DISTATTACK; Logs: Oct 13 19:49:48 15757 sshd[5720]: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=201.6.100.191 user=root Oct 13 19:49:50 15757 sshd[5720]: Failed
> password for root from 201.6.100.191 port 57170 ssh2 Oct 13 20:47:58 15757
> sshd[10488]: pam_unix(sshd:auth): authentication failure; logname= uid=0
> euid=0 tty=ssh ruser= rhost=89.37.193.207 user=root Oct 13 20:48:00 15757
> sshd[10488]: Failed password for root from 89.37.193.207 port 54106 ssh2
> Oct 13 19:54:38 15757 sshd[6115]: pam_unix(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.17.148.221
> user=root IP Addresses Blocked: 201.6.100.191 (BR/Brazil/
> c90664bf.static.spo.virtua.com.br)
> *2025-10-14 01:28*.*Categories:* Brute-Force, SSH.
> *Comment:* Oct 14 03:21:37 Debian-1010-buster-64-minimal sshd[1018209]:
> Invalid user ftpuser from 89.37.193.207 port 59294 Oct 14 03:25:10
> Debian-1010-buster-64-minimal sshd[1105361]: Invalid user mary from
> 89.37.193.207 port 35886 Oct 14 03:26:17 Debian-1010-buster-64-minimal
> sshd[1130108]: Invalid user arif from 89.37.193.207 port 38794 Oct 14
> 03:27:23 Debian-1010-buster-64-minimal sshd[1155934]: Invalid user qui from
> 89.37.193.207 port 33008 Oct 14 03:28:33 Debian-1010-buster-64-minimal
> sshd[1181854]: Invalid user gogs from 89.37.193.207 port 40512 …
> *2025-10-14 01:11*.*Categories:* Brute-Force, SSH.
> *Comment:* Oct 14 03:05:16 Debian-1010-buster-64-minimal sshd[628861]:
> Invalid user term2 from 89.37.193.207 port 38598 Oct 14 03:07:31
> Debian-1010-buster-64-minimal sshd[683953]: Invalid user finance from
> 89.37.193.207 port 37448 Oct 14 03:08:43 Debian-1010-buster-64-minimal
> sshd[712486]: Invalid user ssm from 89.37.193.207 port 36330 Oct 14
> 03:09:54 Debian-1010-buster-64-minimal sshd[740375]: Invalid user ubuntu
> from 89.37.193.207 port 46868 Oct 14 03:11:04 Debian-1010-buster-64-minimal
> sshd[769679]: Invalid user demo from 89.37.193.207 port 36096 …
> *2025-10-14 01:08*.*Categories:* Brute-Force, SSH.
> *Comment:* (sshd) Failed SSH login from 89.37.193.207 (RU/Russia/-): 5 in
> the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: Oct 13
> 20:04:40 16484 sshd[15186]: Invalid user term2 from 89.37.193.207 port
> 41832 Oct 13 20:04:43 16484 sshd[15186]: Failed password for invalid user
> term2 from 89.37.193.207 port 41832 ssh2 Oct 13 20:07:21 16484 sshd[15573]:
> Invalid user finance from 89.37.193.207 port 49526 Oct 13 20:07:23 16484
> sshd[15573]: Failed password for invalid user finance from 89.37.193.207
> port 49526 ssh2 Oct 13 20:08:33 16484 sshd[15745]: Invalid user ssm from
> 89.37.193.207 port 50130
> *2025-10-14 01:07*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-14T03:05:01.511829+02:00 terminator.powersource.cx
> sshd-session[258941]: pam_unix(sshd:auth): authentication failure; logname=
> uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207
> 2025-10-14T03:05:04.122008+02:00 terminator.powersource.cx
> sshd-session[258941]: Failed password for invalid user term2 from
> 89.37.193.207 port 51312 ssh2 2025-10-14T03:07:26.454470+02:00
> terminator.powersource.cx sshd-session[259155]: Invalid user finance from
> 89.37.193.207 port 51650
> *2025-10-14 01:04*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-14T01:04:26.798566+00:00 wn-us sshd[2002539]: Invalid
> user term2 from 89.37.193.207 port 34910 …
> *2025-10-14 00:39*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-14T01:24:02.539175+01:00 dasec-proxy-ssh sshd[915313]:
> Invalid user helen from 89.37.193.207 port 57700
> 2025-10-14T01:24:02.586317+01:00 dasec-proxy-ssh sshd[915313]: Disconnected
> from invalid user helen 89.37.193.207 port 57700 [preauth]
> 2025-10-14T01:25:44.989027+01:00 dasec-proxy-ssh sshd[915355]: Invalid user
> ydy from 89.37.193.207 port 49302 2025-10-14T01:25:45.042787+01:00
> dasec-proxy-ssh sshd[915355]: Disconnected from invalid user ydy
> 89.37.193.207 port 49302 [preauth] 2025-10-14T01:27:01.374822+01:00
> dasec-proxy-ssh sshd[915389]: Disconnected from authenticating user root
> 89.37.193.207 port 51382 [preauth] 2025-10-14T01:28:12.697560+01:00
> dasec-proxy-ssh sshd[915421]: Disconnected from authenticating user root
> 89.37.193.207 port 37114 [preauth] 2025-10-14T01:29:20.182250+01:00
> dasec-proxy-ssh sshd[915447]: Invalid user lee from 89.37.193.207 port
> 55860 2025-10-14T01:29:20.228647+01:00 dasec-proxy-ssh sshd[915447]:
> Disconnected from invalid user lee 89.37.193.207 port 5 …
> *2025-10-14 00:33*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-14T08:28:58.445389+08:00 *hostname*
> sshd-session[1757303]: Invalid user lee from 89.37.193.207 port 60996
> 2025-10-14T08:31:14.996136+08:00 *hostname* sshd-session[1757317]:
> Connection from 89.37.193.207 port 54964 on 10.7.121.81 port 22 rdomain «»
> 2025-10-14T08:31:15.987529+08:00 *hostname* sshd-session[1757317]: Invalid
> user master from 89.37.193.207 port 54964 2025-10-14T08:33:34.747846+08:00
> *hostname* sshd-session[1757335]: Connection from 89.37.193.207 port 37436
> on 10.7.121.81 port 22 rdomain «» 2025-10-14T08:33:35.727147+08:00
> *hostname* sshd-session[1757335]: Invalid user root/admin from
> 89.37.193.207 port 37436
> *2025-10-14 00:26*.*Categories:* Brute-Force, SSH.
> *Comment:* (sshd) Failed SSH login from 89.37.193.207 (RU/Russia/-): 5 in
> the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: Oct 14
> 00:21:06 23360 sshd[30151]: Invalid user helen from 89.37.193.207 port
> 46978 Oct 14 00:21:08 23360 sshd[30151]: Failed password for invalid user
> helen from 89.37.193.207 port 46978 ssh2 Oct 14 00:24:52 23360 sshd[30800]:
> Invalid user ydy from 89.37.193.207 port 50042 Oct 14 00:24:55 23360
> sshd[30800]: Failed password for invalid user ydy from 89.37.193.207 port
> 50042 ssh2 Oct 14 00:26:09 23360 sshd[30982]: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=89.37.193.207 user=root
> *2025-10-14 00:09*.*Categories:* Brute-Force.
> *Comment:* list.rtbh.com.tr report: tcp/0
> *2025-10-14 00:03*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-14T01:01:24.927142+01:00 miku.zit.at sshd[1356788]:
> Failed password for invalid user vpnuser1 from 89.37.193.207 port 47330
> ssh2 2025-10-14T01:02:29.001717+01:00 miku.zit.at sshd[1356951]: Invalid
> user admin from 89.37.193.207 port 52188 2025-10-14T01:02:29.010105+01:00
> miku.zit.at sshd[1356951]: pam_unix(sshd:auth): authentication failure;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207
> 2025-10-14T01:02:31.155472+01:00 miku.zit.at sshd[1356951]: Failed
> password for invalid user admin from 89.37.193.207 port 52188 ssh2
> 2025-10-14T01:03:32.896194+01:00 miku.zit.at sshd[1357120]: Invalid user
> ilaria from 89.37.193.207 port 38106 …
> *2025-10-13 23:45*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-14T00:43:34.553495+01:00 miku.zit.at sshd[1353750]:
> Failed password for invalid user lucas from 89.37.193.207 port 41858 ssh2
> 2025-10-14T00:44:49.104608+01:00 miku.zit.at sshd[1354044]: Invalid user
> rootftp from 89.37.193.207 port 49114 2025-10-14T00:44:49.107864+01:00
> miku.zit.at sshd[1354044]: pam_unix(sshd:auth): authentication failure;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207
> 2025-10-14T00:44:51.066765+01:00 miku.zit.at sshd[1354044]: Failed
> password for invalid user rootftp from 89.37.193.207 port 49114 ssh2
> 2025-10-14T00:45:55.942326+01:00 miku.zit.at sshd[1354241]: Invalid user
> ubuntu from 89.37.193.207 port 35812 …
> *2025-10-13 23:03*.*Categories:* SSH.
> *Comment:* 2025-10-14T00:01:17.994741+01:00 hostvu2 sshd[3125502]: Failed
> password for root from 89.37.193.207 port 42162 ssh2
> 2025-10-14T00:02:29.847326+01:00 hostvu2 sshd[3125540]:
> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
> ruser= rhost=89.37.193.207 user=root 2025-10-14T00:02:31.777500+01:00
> hostvu2 sshd[3125540]: Failed password for root from 89.37.193.207 port
> 54076 ssh2 2025-10-14T00:03:45.147983+01:00 hostvu2 sshd[3127863]:
> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
> ruser= rhost=89.37.193.207 user=root 2025-10-14T00:03:47.851966+01:00
> hostvu2 sshd[3127863]: Failed password for root from 89.37.193.207 port
> 33766 ssh2 …
> *2025-10-13 22:54*.*Categories:* Brute-Force, SSH.
> *Comment:* Oct 13 22:50:18 raspberrypi sshd[14337]: Invalid user bodega
> from 89.37.193.207 port 34100 Oct 13 22:51:29 raspberrypi sshd[14356]:
> Invalid user Azure from 89.37.193.207 port 34028 Oct 13 22:52:41
> raspberrypi sshd[14404]: Invalid user uftp from 89.37.193.207 port 43912
> Oct 13 22:53:49 raspberrypi sshd[14454]: Invalid user regionalci from
> 89.37.193.207 port 38190 Oct 13 22:54:58 raspberrypi sshd[14478]: Invalid
> user anti from 89.37.193.207 port 39212 …
> *2025-10-13 22:39*.*Categories:* Brute-Force, SSH.
> *Comment:* Oct 13 22:35:10 raspberrypi sshd[13876]: Invalid user cy from
> 89.37.193.207 port 43112 Oct 13 22:36:18 raspberrypi sshd[13907]: Invalid
> user mohit from 89.37.193.207 port 54898 Oct 13 22:37:27 raspberrypi
> sshd[13962]: Invalid user scott from 89.37.193.207 port 47960 Oct 13
> 22:38:40 raspberrypi sshd[14001]: Invalid user david from 89.37.193.207
> port 56820 Oct 13 22:39:50 raspberrypi sshd[14025]: Invalid user matin from
> 89.37.193.207 port 39200 …
> *2025-10-13 22:24*.*Categories:* Brute-Force, SSH.
> *Comment:* Oct 13 22:16:30 raspberrypi sshd[13334]: Invalid user mpp from
> 89.37.193.207 port 55076 Oct 13 22:20:02 raspberrypi sshd[13428]: Invalid
> user newuser from 89.37.193.207 port 60068 Oct 13 22:22:20 raspberrypi
> sshd[13521]: Invalid user ftpuser from 89.37.193.207 port 41784 Oct 13
> 22:23:28 raspberrypi sshd[13566]: Invalid user super from 89.37.193.207
> port 51686 Oct 13 22:24:36 raspberrypi sshd[13616]: Invalid user victor
> from 89.37.193.207 port 45488 …
> *2025-10-13 22:22*.*Categories:* Brute-Force, SSH.
> *Comment:* Fail2ban Triggered
> *2025-10-13 22:18*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-14T11:16:09.504177+13:00 dara sshd[2963963]:
> Disconnected from invalid user mpp 89.37.193.207 port 40546 [preauth]
> 2025-10-14T11:18:37.495269+13:00 dara sshd[2964206]: Connection from
> 89.37.193.207 port 37962 on 135.181.182.173 port 22 rdomain «»
> 2025-10-14T11:18:37.738642+13:00 dara sshd[2964206]: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=89.37.193.207 user=root 2025-10-14T11:18:39.671832+13:00 dara
> sshd[2964206]: Failed password for root from 89.37.193.207 port 37962 ssh2
> 2025-10-14T11:18:39.892794+13:00 dara sshd[2964206]: Disconnected from
> authenticating user root 89.37.193.207 port 37962 [preauth] …
> *2025-10-13 21:39*.*Categories:* Brute-Force, SSH.
> *Comment:* SSH auth scanning — multiple failed logins
> *2025-10-13 21:38*.*Categories:* Brute-Force, SSH.
> *Comment:*
> *2025-10-13 21:36*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-14T03:33:55.782333+06:00 ubuntu sshd[186921]: Failed
> password for root from 89.37.193.207 port 49848 ssh2
> 2025-10-14T03:36:21.214638+06:00 ubuntu sshd[186956]: Invalid user ld from
> 89.37.193.207 port 40478 …
> *2025-10-13 21:35*.*Categories:* Brute-Force, SSH.
> *Comment:* Oct 13 21:31:45 au-mirror sshd[1205907]: Failed password for
> root from 89.37.193.207 port 46092 ssh2 Oct 13 21:35:43 au-mirror
> sshd[1205948]: Invalid user ld from 89.37.193.207 port 53614 …
> *2025-10-13 21:27*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-13T21:21:52.723697+00:00 ingereck.net sshd[1385418]:
> Invalid user nandan from 89.37.193.207 port 34336
> 2025-10-13T21:23:20.479685+00:00 ingereck.net sshd[1385431]: Invalid user
> sajjad from 89.37.193.207 port 44428 2025-10-13T21:24:44.159894+00:00
> ingereck.net sshd[1385440]: Invalid user adu from 89.37.193.207 port
> 35366 2025-10-13T21:26:07.555647+00:00 ingereck.net sshd[1385460]:
> Invalid user hamza from 89.37.193.207 port 39186
> 2025-10-13T21:27:34.980048+00:00 ingereck.net sshd[1385476]: Invalid user
> ftpuser from 89.37.193.207 port 55532 …
> *2025-10-13 21:15*.*Categories:* Brute-Force, SSH.
> *Comment:* Oct 13 23:14:05 portfolio-web sshd[1981429]:
> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
> ruser= rhost=89.37.193.207 user=root Oct 13 23:14:07 portfolio-web
> sshd[1981429]: Failed password for root from 89.37.193.207 port 42336 ssh2
> Oct 13 23:15:34 portfolio-web sshd[1981440]: Invalid user profe from
> 89.37.193.207 port 51760 Oct 13 23:15:34 portfolio-web sshd[1981440]:
> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
> ruser= rhost=89.37.193.207 Oct 13 23:15:37 portfolio-web sshd[1981440]:
> Failed password for invalid user profe from 89.37.193.207 port 51760 ssh2
> …
> *2025-10-13 21:11*.*Categories:* Brute-Force, SSH.
> *Comment:* Oct 13 23:10:07 odin sshd[3777]: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=89.37.193.207 Oct 13 23:10:09 odin sshd[3777]: Failed password for
> invalid user zhang from 89.37.193.207 port 40946 ssh2 Oct 13 23:11:33 odin
> sshd[4332]: Failed password for root from 89.37.193.207 port 46218 ssh2
> *2025-10-13 21:10*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-13T21:04:46.985799+00:00 ingereck.net sshd[1385008]:
> Invalid user gabby from 89.37.193.207 port 50564
> 2025-10-13T21:06:07.183553+00:00 ingereck.net sshd[1385033]: Invalid user
> rr from 89.37.193.207 port 55822 2025-10-13T21:07:32.012782+00:00
> ingereck.net sshd[1385056]: Invalid user sean from 89.37.193.207 port
> 44860 2025-10-13T21:08:59.833317+00:00 ingereck.net sshd[1385094]:
> Invalid user sepehr from 89.37.193.207 port 46342
> 2025-10-13T21:10:26.179617+00:00 ingereck.net sshd[1385203]: Invalid user
> zhang from 89.37.193.207 port 35634 …
> *2025-10-13 20:53*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-13T20:42:54.124110+00:00 ingereck.net sshd[1384644]:
> Invalid user zain from 89.37.193.207 port 51076
> 2025-10-13T20:49:03.581891+00:00 ingereck.net sshd[1384707]: Invalid user
> g from 89.37.193.207 port 34312 2025-10-13T20:50:30.112025+00:00
> ingereck.net sshd[1384742]: Invalid user ftptest from 89.37.193.207 port
> 53042 2025-10-13T20:51:53.410638+00:00 ingereck.net sshd[1384770]:
> Invalid user chenhui from 89.37.193.207 port 58420
> 2025-10-13T20:53:14.679462+00:00 ingereck.net sshd[1384791]: Invalid user
> luciano from 89.37.193.207 port 42216 …
> *2025-10-13 20:47*.*Categories:* Brute-Force, SSH.
> *Comment:* Oct 13 22:44:35 portfolio-web sshd[1980958]:
> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
> ruser= rhost=89.37.193.207 user=root Oct 13 22:44:37 portfolio-web
> sshd[1980958]: Failed password for root from 89.37.193.207 port 36128 ssh2
> Oct 13 22:45:51 portfolio-web sshd[1980997]: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=89.37.193.207 user=root Oct 13 22:45:53 portfolio-web sshd[1980997]:
> Failed password for root from 89.37.193.207 port 54166 ssh2 Oct 13 22:47:06
> portfolio-web sshd[1981010]: Invalid user admin from 89.37.193.207 port
> 39594 …
> *2025-10-13 20:44*.*Categories:* Brute-Force, SSH.
> *Comment:* Oct 13 22:42:00 odin sshd[28374]: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=89.37.193.207 Oct 13 22:42:01 odin sshd[28374]: Failed password for
> invalid user zain from 89.37.193.207 port 37104 ssh2 Oct 13 22:44:51 odin
> sshd[28673]: Failed password for root from 89.37.193.207 port 42654 ssh2
> *2025-10-13 20:43*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-13T22:43:03.650933+02:00 meet sshd-session[44495]:
> Invalid user zain from 89.37.193.207 port 33708 …
> *2025-10-13 20:10*.*Categories:* Brute-Force.
> *Comment:* list.rtbh.com.tr report: tcp/0
> *2025-10-13 19:56*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-13T21:53:18.889098+02:00 fra-GW01 sshd[1548854]:
> Failed password for invalid user sk from 89.37.193.207 port 45546 ssh2
> 2025-10-13T21:56:49.841119+02:00 fra-GW01 sshd[1549002]:
> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
> ruser= rhost=89.37.193.207 user=root 2025-10-13T21:56:52.108571+02:00
> fra-GW01 sshd[1549002]: Failed password for root from 89.37.193.207 port
> 60274 ssh2 …
> *2025-10-13 19:51*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-13T20:49:34.108013+01:00 miku.zit.at sshd[1308998]:
> Failed password for invalid user test01 from 89.37.193.207 port 34616 ssh2
> 2025-10-13T20:50:42.444459+01:00 miku.zit.at sshd[1309268]: Invalid user
> ubuntu from 89.37.193.207 port 36268 2025-10-13T20:50:42.451827+01:00
> miku.zit.at sshd[1309268]: pam_unix(sshd:auth): authentication failure;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207
> 2025-10-13T20:50:44.001939+01:00 miku.zit.at sshd[1309268]: Failed
> password for invalid user ubuntu from 89.37.193.207 port 36268 ssh2
> 2025-10-13T20:51:55.164154+01:00 miku.zit.at sshd[1309468]: Invalid user
> a from 89.37.193.207 port 49630 …
> *2025-10-13 19:43*.*Categories:* Brute-Force, SSH.
> *Comment:* Invalid user botuser from 89.37.193.207 port 38610
> *2025-10-13 19:41*.*Categories:* Brute-Force, SSH.
> *Comment:* Invalid user botuser from 89.37.193.207 port 43654
> *2025-10-13 19:34*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-13T20:31:58.469411+01:00 miku.zit.at sshd[1306099]:
> Failed password for invalid user ubuntu from 89.37.193.207 port 34504 ssh2
> 2025-10-13T20:33:07.226387+01:00 miku.zit.at sshd[1306272]: Invalid user
> admin1 from 89.37.193.207 port 45574 2025-10-13T20:33:07.233832+01:00
> miku.zit.at sshd[1306272]: pam_unix(sshd:auth): authentication failure;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207
> 2025-10-13T20:33:09.621530+01:00 miku.zit.at sshd[1306272]: Failed
> password for invalid user admin1 from 89.37.193.207 port 45574 ssh2
> 2025-10-13T20:34:17.752363+01:00 miku.zit.at sshd[1306445]: Invalid user
> dev from 89.37.193.207 port 50586 …
> *2025-10-13 19:16*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-13T20:14:21.012027+01:00 miku.zit.at sshd[1302866]:
> Failed password for invalid user sammy from 89.37.193.207 port 35894 ssh2
> 2025-10-13T20:15:40.340252+01:00 miku.zit.at sshd[1303158]: Invalid user
> dockeruser from 89.37.193.207 port 42818 2025-10-13T20:15:40.347792+01:00
> miku.zit.at sshd[1303158]: pam_unix(sshd:auth): authentication failure;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207
> 2025-10-13T20:15:42.665646+01:00 miku.zit.at sshd[1303158]: Failed
> password for invalid user dockeruser from 89.37.193.207 port 42818 ssh2
> 2025-10-13T20:16:51.791041+01:00 miku.zit.at sshd[1303597]: Invalid user
> steam from 89.37.193.207 port 39840 …
> *2025-10-13 19:16*.*Categories:* Brute-Force, SSH.
> *Comment:* Log Entry: 2025-10-13T19:12:23241 abuse sshd[1130709]: Invalid
> user sammy from 89.37.193.207 port 40508 Log Entry: 2025-10-13T19:15:06935
> abuse sshd[1130931]: Invalid user dockeruser from 89.37.193.207 port 49254
> Log Entry: 2025-10-13T19:16:19149 abuse sshd[1131010]: Invalid user steam
> from 89.37.193.207 port 45134 Log Entry: …
> *2025-10-13 19:15*.*Categories:* Brute-Force, Web App Attack,
> SSH.
> *Comment:* Default ban by fail2ban
> *2025-10-13 19:12*.*Categories:* Brute-Force, SSH.
> *Comment:* $f2bV_matches
> *2025-10-13 19:10*.*Categories:* Port Scan, Hacking, Brute-Force,
> Exploited Host, Web App Attack.
> *Comment:* 2025-10-14T00:40:35.835038localhost sshd[1525019]: Invalid
> user sammy from 89.37.193.207 port 33268 …
> *2025-10-13 18:00*.*Categories:* Brute-Force, SSH.
> *Comment:* SSH abuse or brute-force attack detected by Fail2Ban in ssh
> jail
> *2025-10-13 17:46*.*Categories:* Brute-Force, SSH.
> *Comment:* (sshd) Failed SSH login from 89.37.193.207 (RU/Russia/-): 5 in
> the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: Oct 13
> 12:41:23 15806 sshd[25820]: Invalid user ray from 89.37.193.207 port 55818
> Oct 13 12:41:25 15806 sshd[25820]: Failed password for invalid user ray
> from 89.37.193.207 port 55818 ssh2 Oct 13 12:45:11 15806 sshd[26212]:
> Invalid user work from 89.37.193.207 port 44804 Oct 13 12:45:13 15806
> sshd[26212]: Failed password for invalid user work from 89.37.193.207 port
> 44804 ssh2 Oct 13 12:46:31 15806 sshd[26321]: Invalid user alin from
> 89.37.193.207 port 53842
> *2025-10-13 17:46*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-13T13:44:01.215982 tlgy-node1 sshd[2782300]:
> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
> ruser= rhost=89.37.193.207 2025-10-13T13:44:03.283761 tlgy-node1
> sshd[2782300]: Failed password for invalid user ray from 89.37.193.207 port
> 53986 ssh2 2025-10-13T13:46:03.500386 tlgy-node1 sshd[2782792]: Invalid
> user work from 89.37.193.207 port 42524 …
> *2025-10-13 17:45*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-13T17:43:20.037810+00:00 edge-fra-2.senko.network
> sshd[3886852]: Invalid user ray from 89.37.193.207 port 60708
> 2025-10-13T17:45:46.129653+00:00 edge-fra-2.senko.network sshd[3886948]:
> Invalid user work from 89.37.193.207 port 34444 …
> *2025-10-13 16:54*.*Categories:* Brute-Force, SSH.
> *Comment:* (sshd) Failed SSH login from 89.37.193.207 (RU/Russia/-): 5 in
> the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: Oct 13
> 11:51:22 14153 sshd[26867]: Invalid user aria from 89.37.193.207 port 60374
> Oct 13 11:51:24 14153 sshd[26867]: Failed password for invalid user aria
> from 89.37.193.207 port 60374 ssh2 Oct 13 11:53:24 14153 sshd[27029]:
> Invalid user ftpuser from 89.37.193.207 port 46416 Oct 13 11:53:26 14153
> sshd[27029]: Failed password for invalid user ftpuser from 89.37.193.207
> port 46416 ssh2 Oct 13 11:54:46 14153 sshd[27121]: Invalid user testuser
> from 89.37.193.207 port 52554
> *2025-10-13 16:53*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-13T18:51:46.186028+02:00 fra-GW01 sshd[1537946]:
> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
> ruser= rhost=89.37.193.207 2025-10-13T18:51:47.536668+02:00 fra-GW01
> sshd[1537946]: Failed password for invalid user aria from 89.37.193.207
> port 46728 ssh2 2025-10-13T18:53:34.406193+02:00 fra-GW01 sshd[1538132]:
> Invalid user ftpuser from 89.37.193.207 port 37544 …
> *2025-10-13 16:53*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-13T11:50:13.148302-05:00 ip-172-31-76-241
> sshd[983557]: Invalid user aria from 89.37.193.207 port 37084
> 2025-10-13T11:50:13.288730-05:00 ip-172-31-76-241 sshd[983557]:
> Disconnected from invalid user aria 89.37.193.207 port 37084 [preauth]
> 2025-10-13T11:52:59.900891-05:00 ip-172-31-76-241 sshd[1023332]: Invalid
> user ftpuser from 89.37.193.207 port 48958 …
> *2025-10-13 16:10*.*Categories:* Brute-Force, SSH.
> *Comment:* Oct 13 17:06:01 ipmi sshd[40953]: Disconnected from
> authenticating user root 89.37.193.207 port 34670 [preauth] Oct 13 17:09:08
> ipmi sshd[41150]: pam_unix(sshd:auth): authentication failure; logname=
> uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207 user=root Oct 13 17:09:10
> ipmi sshd[41150]: Failed password for root from 89.37.193.207 port 36750
> ssh2 Oct 13 17:09:10 ipmi sshd[41150]: Disconnected from authenticating
> user root 89.37.193.207 port 36750 [preauth] Oct 13 17:10:27 ipmi
> sshd[41256]: Invalid user botuser from 89.37.193.207 port 60782 …
> *2025-10-13 16:05*.*Categories:* Brute-Force, SSH.
> *Comment:* 89.37.193.207 (RU/Russia/-), 5 distributed sshd attacks on
> account [root] in the last 3600 secs; Ports: *; Direction: 1; Trigger:
> LF_DISTATTACK; Logs: Oct 13 11:05:48 12389 sshd[28715]:
> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
> ruser= rhost=89.37.193.207 user=root Oct 13 10:31:48 12389 sshd[26052]:
> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
> ruser= rhost=119.255.245.44 user=root Oct 13 10:31:50 12389 sshd[26052]:
> Failed password for root from 119.255.245.44 port 46722 ssh2 Oct 13
> 11:05:08 12389 sshd[28692]: pam_unix(sshd:auth): authentication failure;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=212.19.117.204 user=root Oct 13
> 11:05:10 12389 sshd[28692]: Failed password for root from 212.19.117.204
> port 41447 ssh2 IP Addresses Blocked:
> *2025-10-13 15:59*.*Categories:* Brute-Force, SSH.
> *Comment:* Oct 13 18:58:19 www sshd\[18514\]: Invalid user devops from
> 89.37.193.207Oct 13 18:58:21 www sshd\[18514\]: Failed password for invalid
> user devops from 89.37.193.207 port 42728 ssh2Oct 13 18:59:30 www
> sshd\[18538\]: Invalid user becky from 89.37.193.207 …
> *2025-10-13 15:55*.*Categories:* Brute-Force, SSH.
> *Comment:* Oct 13 17:52:57 m2048 sshd[3963318]: Invalid user sonarr from
> 89.37.193.207 port 60364 Oct 13 17:52:59 m2048 sshd[3963318]: Failed
> password for invalid user sonarr from 89.37.193.207 port 60364 ssh2 Oct 13
> 17:54:12 m2048 sshd[3963423]: pam_unix(sshd:auth): authentication failure;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207 user=root Oct 13
> 17:54:14 m2048 sshd[3963423]: Failed password for root from 89.37.193.207
> port 57376 ssh2 Oct 13 17:55:26 m2048 sshd[3963545]: Invalid user rana from
> 89.37.193.207 port 45944 …
> *2025-10-13 15:42*.*Categories:* Brute-Force, SSH.
> *Comment:* Oct 13 18:41:15 www sshd\[18163\]: Invalid user adnan from
> 89.37.193.207Oct 13 18:41:18 www sshd\[18163\]: Failed password for invalid
> user adnan from 89.37.193.207 port 33416 ssh2Oct 13 18:42:26 www
> sshd\[18186\]: Invalid user summer from 89.37.193.207 …
> *2025-10-13 15:29*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-13T17:26:04.364860+02:00 ns402 sshd[1629988]: Failed
> password for invalid user backend from 89.37.193.207 port 36972 ssh2
> 2025-10-13T17:26:04.496363+02:00 ns402 sshd[1629988]: Disconnected from
> invalid user backend 89.37.193.207 port 36972 [preauth]
> 2025-10-13T17:27:20.957910+02:00 ns402 sshd[1630266]: Invalid user sean
> from 89.37.193.207 port 56424 2025-10-13T17:27:20.972437+02:00 ns402
> sshd[1630266]: pam_unix(sshd:auth): authentication failure; logname= uid=0
> euid=0 tty=ssh ruser= rhost=89.37.193.207 2025-10-13T17:27:22.851067+02:00
> ns402 sshd[1630266]: Failed password for invalid user sean from
> 89.37.193.207 port 56424 ssh2 2025-10-13T17:27:22.921966+02:00 ns402
> sshd[1630266]: Disconnected from invalid user sean 89.37.193.207 port 56424
> [preauth] 2025-10-13T17:28:34.034136+02:00 ns402 sshd[1630506]:
> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
> ruser= rhost=89.37.193.207 user=root 2025-10-13T17:28:35.602252+02:00 ns402
> sshd[1630506]: Failed pas …
> *2025-10-13 15:27*.*Categories:* Brute-Force, SSH.
> *Comment:* Oct 13 17:26:11 m2048 sshd[3962079]: Failed password for
> invalid user backend from 89.37.193.207 port 56022 ssh2 Oct 13 17:27:27
> m2048 sshd[3962096]: Invalid user sean from 89.37.193.207 port 53662 Oct 13
> 17:27:27 m2048 sshd[3962096]: pam_unix(sshd:auth): authentication failure;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207 Oct 13 17:27:27
> m2048 sshd[3962096]: Invalid user sean from 89.37.193.207 port 53662 Oct 13
> 17:27:29 m2048 sshd[3962096]: Failed password for invalid user sean from
> 89.37.193.207 port 53662 ssh2 …
> *2025-10-13 15:25*.*Categories:* Brute-Force, SSH.
> *Comment:* Oct 13 18:20:25 www sshd\[17740\]: Failed password for root
> from 89.37.193.207 port 40482 ssh2Oct 13 18:25:18 www sshd\[17843\]:
> Invalid user backend from 89.37.193.207Oct 13 18:25:20 www sshd\[17843\]:
> Failed password for invalid user backend from 89.37.193.207 port 51508 ssh2
> …
> *2025-10-13 15:25*.*Categories:* SSH.
> *Comment:* Oct 13 16:25:02 l03 sshd[3278]: Invalid user backend from
> 89.37.193.207 port 36152 …
> *2025-10-13 15:19*.*Categories:* Brute-Force, SSH.
> *Comment:* 89.37.193.207 (RU/Russia/-), 5 distributed sshd attacks on
> account [root] in the last 3600 secs; Ports: *; Direction: 1; Trigger:
> LF_DISTATTACK; Logs: Oct 13 10:06:31 14106 sshd[14192]:
> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
> ruser= rhost=78.89.154.59 user=root Oct 13 10:06:33 14106 sshd[14192]:
> Failed password for root from 78.89.154.59 port 34944 ssh2 Oct 13 10:02:43
> 14106 sshd[13828]: pam_unix(sshd:auth): authentication failure; logname=
> uid=0 euid=0 tty=ssh ruser= rhost=79.116.71.204 user=root Oct 13 10:19:45
> 14106 sshd[15215]: pam_unix(sshd:auth): authentication failure; logname=
> uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207 user=root Oct 13 10:19:46
> 14106 sshd[15215]: Failed password for root from 89.37.193.207 port 33682
> ssh2 IP Addresses Blocked: 78.89.154.59 (KW/Kuwait/-) 79.116.71.204
> (ES/Spain/79-116-71-204.digimobil.es)
> *2025-10-13 14:37*.*Categories:* Brute-Force, SSH.
> *Comment:* 89.37.193.207 (RU/Russia/-), 5 distributed sshd attacks on
> account [root] in the last 3600 secs; Ports: *; Direction: 1; Trigger:
> LF_DISTATTACK; Logs: Oct 13 09:35:52 16988 sshd[23185]:
> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
> ruser= rhost=162.144.85.107 user=root Oct 13 09:35:53 16988 sshd[23185]:
> Failed password for root from 162.144.85.107 port 54846 ssh2 Oct 13
> 09:15:51 16988 sshd[21679]: pam_unix(sshd:auth): authentication failure;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=103.136.106.74 user=root Oct 13
> 09:15:53 16988 sshd[21679]: Failed password for root from 103.136.106.74
> port 49814 ssh2 Oct 13 09:37:06 16988 sshd[23324]: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=89.37.193.207 user=root IP Addresses Blocked: 162.144.85.107
> (US/United States/162-144-85-107.unifiedlayer.com) 103.136.106.74
> (BD/Bangladesh/-)
> *2025-10-13 14:36*.*Categories:* Port Scan.
> *Comment:* ports, 22/24H:1/7D:1
> *2025-10-13 13:57*.*Categories:* Brute-Force, SSH.
> *Comment:* Oct 13 13:54:33 ubuntu sshd[1495434]: Failed password for root
> from 89.37.193.207 port 46814 ssh2 Oct 13 13:55:51 ubuntu sshd[1495479]:
> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
> ruser= rhost=89.37.193.207 user=root Oct 13 13:55:54 ubuntu sshd[1495479]:
> Failed password for root from 89.37.193.207 port 45450 ssh2 Oct 13 13:57:12
> ubuntu sshd[1495481]: pam_unix(sshd:auth): authentication failure; logname=
> uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207 user=root Oct 13 13:57:14
> ubuntu sshd[1495481]: Failed password for root from 89.37.193.207 port
> 36318 ssh2 …
> *2025-10-13 13:53*.*Categories:* Brute-Force, SSH.
> *Comment:* (sshd) Failed SSH login from 89.37.193.207 (RU/Russia/-): 5 in
> the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: Oct 13
> 08:48:15 18800 sshd[5177]: pam_unix(sshd:auth): authentication failure;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207 user=root Oct 13
> 08:48:17 18800 sshd[5177]: Failed password for root from 89.37.193.207 port
> 59244 ssh2 Oct 13 08:52:11 18800 sshd[5483]: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=89.37.193.207 user=root Oct 13 08:52:13 18800 sshd[5483]: Failed
> password for root from 89.37.193.207 port 37308 ssh2 Oct 13 08:53:36 18800
> sshd[5563]: pam_unix(sshd:auth): authentication failure; logname= uid=0
> euid=0 tty=ssh ruser= rhost=89.37.193.207 user=root
> *2025-10-13 13:50*.*Categories:* Port Scan, Brute-Force, SSH.
> *Comment:* Port probe to tcp/22 (ssh) [srv124]
> *2025-10-13 12:37*.*Categories:* Brute-Force.
> *Comment:* $f2bV_matches
> *2025-10-13 12:31*.*Categories:* Brute-Force, Web App Attack,
> SSH.
> *Comment:* Automatic Reporting — Brute Force Attempts
> *2025-10-13 12:27*.*Categories:* Brute-Force, SSH.
> *Comment:* (sshd) Failed SSH login from 89.37.193.207 (RU/Russia/-): 5 in
> the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: Oct 13
> 07:24:25 14113 sshd[19528]: Invalid user www from 89.37.193.207 port 41110
> Oct 13 07:24:26 14113 sshd[19528]: Failed password for invalid user www
> from 89.37.193.207 port 41110 ssh2 Oct 13 07:26:15 14113 sshd[19819]:
> Invalid user zenith from 89.37.193.207 port 41454 Oct 13 07:26:17 14113
> sshd[19819]: Failed password for invalid user zenith from 89.37.193.207
> port 41454 ssh2 Oct 13 07:27:43 14113 sshd[20015]: Invalid user pippo from
> 89.37.193.207 port 39566
> *2025-10-13 12:27*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-13T05:23:56.977096-07:00 dmit-vm-pro-plamspring-lax
> sshd[764308]: Invalid user www from 89.37.193.207 port 35832
> 2025-10-13T05:26:04.546496-07:00 dmit-vm-pro-plamspring-lax sshd[764331]:
> Invalid user zenith from 89.37.193.207 port 50244
> 2025-10-13T05:27:33.163463-07:00 dmit-vm-pro-plamspring-lax sshd[764360]:
> Invalid user pippo from 89.37.193.207 port 55012 …
> *2025-10-13 12:21*.*Categories:* Brute-Force, SSH.
> *Comment:* Oct 13 12:21:35 Sildom2 sshd[1229482]: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=89.37.193.207 Oct 13 12:21:37 Sildom2 sshd[1229482]: Failed password
> for invalid user www from 89.37.193.207 port 40774 ssh2 …
> *2025-10-13 11:43*.*Categories:* Hacking, Brute-Force, SSH.
> *Comment:* Oct 13 11:40:42 lewisgillcom sshd[3459673]: Failed password
> for invalid user nominatim from 89.37.193.207 port 57956 ssh2 Oct 13
> 11:42:07 lewisgillcom sshd[3460070]: Invalid user admin1 from 89.37.193.207
> port 52242 Oct 13 11:42:07 lewisgillcom sshd[3460070]: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=89.37.193.207 Oct 13 11:42:09 lewisgillcom sshd[3460070]: Failed
> password for invalid user admin1 from 89.37.193.207 port 52242 ssh2 Oct 13
> 11:43:27 lewisgillcom sshd[3460272]: Invalid user csgoserver from
> 89.37.193.207 port 42234 …
> *2025-10-13 11:43*.*Categories:* Brute-Force, SSH.
> *Comment:* (sshd) Failed SSH login from 89.37.193.207 (RU/Russia/-): 5 in
> the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: Oct 13
> 06:39:32 16144 sshd[17009]: Invalid user nominatim from 89.37.193.207 port
> 54152 Oct 13 06:39:34 16144 sshd[17009]: Failed password for invalid user
> nominatim from 89.37.193.207 port 54152 ssh2 Oct 13 06:41:46 16144
> sshd[17161]: Invalid user admin1 from 89.37.193.207 port 36398 Oct 13
> 06:41:48 16144 sshd[17161]: Failed password for invalid user admin1 from
> 89.37.193.207 port 36398 ssh2 Oct 13 06:43:07 16144 sshd[17285]: Invalid
> user csgoserver from 89.37.193.207 port 55238
> *2025-10-13 11:42*.*Categories:* Brute-Force, SSH.
> *Comment:* Oct 13 13:38:39 main1 sshd[1259360]: Invalid user nominatim
> from 89.37.193.207 port 40834 Oct 13 13:41:28 main1 sshd[1259795]: Invalid
> user admin1 from 89.37.193.207 port 57314 Oct 13 13:42:49 main1
> sshd[1260121]: Invalid user csgoserver from 89.37.193.207 port 37792 …
> *2025-10-13 11:42*.*Categories:* Brute-Force, SSH.
> *Comment:* Oct 13 13:37:51 bonsai sshd[13617]: Invalid user nominatim
> from 89.37.193.207 Oct 13 13:41:12 bonsai sshd[24278]: Invalid user admin1
> from 89.37.193.207 Oct 13 13:42:32 bonsai sshd[24462]: Invalid user
> csgoserver from 89.37.193.207 …
> *2025-10-13 11:41*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-13T11:39:11.931093+00:00 nextcloud sshd[1631196]:
> Failed password for invalid user nominatim from 89.37.193.207 port 49502
> ssh2 2025-10-13T11:41:38.303284+00:00 nextcloud sshd[1631425]: Invalid user
> admin1 from 89.37.193.207 port 52414 2025-10-13T11:41:38.310137+00:00
> nextcloud sshd[1631425]: pam_unix(sshd:auth): authentication failure;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207
> 2025-10-13T11:41:40.109331+00:00 nextcloud sshd[1631425]: Failed password
> for invalid user admin1 from 89.37.193.207 port 52414 ssh2 …
> *2025-10-13 11:41*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-13T11:39:08.746220+00:00 polaris sshd[1089930]:
> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
> ruser= rhost=89.37.193.207 2025-10-13T11:39:10.274378+00:00 polaris
> sshd[1089930]: Failed password for invalid user nominatim from
> 89.37.193.207 port 60026 ssh2 2025-10-13T11:41:38.011958+00:00 polaris
> sshd[1090216]: Invalid user admin1 from 89.37.193.207 port 46032 …
> *2025-10-13 10:53*.*Categories:* Brute-Force, SSH.
> *Comment:* (sshd) Failed SSH login from 89.37.193.207 (RU/Russia/-): 5 in
> the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: Oct 13
> 05:49:26 15423 sshd[16111]: Invalid user huawei from 89.37.193.207 port
> 49750 Oct 13 05:49:28 15423 sshd[16111]: Failed password for invalid user
> huawei from 89.37.193.207 port 49750 ssh2 Oct 13 05:51:40 15423
> sshd[16269]: Invalid user ark from 89.37.193.207 port 54154 Oct 13 05:51:42
> 15423 sshd[16269]: Failed password for invalid user ark from 89.37.193.207
> port 54154 ssh2 Oct 13 05:53:00 15423 sshd[16352]: Invalid user ahsan from
> 89.37.193.207 port 37726
> *2025-10-13 10:50*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-13T12:50:36.548121+02:00 main sshd[520550]: Invalid
> user huawei from 89.37.193.207 port 57578 …
> *2025-10-13 10:27*.*Categories:* Brute-Force, SSH.
> *Comment:* Oct 13 12:26:21 pegasus sshd[2728847]: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=89.37.193.207 user=root Oct 13 12:26:23 pegasus sshd[2728847]: Failed
> password for root from 89.37.193.207 port 42138 ssh2 Oct 13 12:27:38
> pegasus sshd[2729057]: Invalid user geek from 89.37.193.207 port 49092 Oct
> 13 12:27:38 pegasus sshd[2729057]: pam_unix(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207 Oct 13
> 12:27:39 pegasus sshd[2729057]: Failed password for invalid user geek from
> 89.37.193.207 port 49092 ssh2
> *2025-10-13 10:05*.*Categories:* Brute-Force, SSH.
> *Comment:* CrowdSec engine detected malicious behavior. Scenario
> ‘crowdsecurity/ssh-slow-bf’ triggered with 17 events.
> *2025-10-13 10:03*.*Categories:* Brute-Force, SSH.
> *Comment:* (sshd) Failed SSH login from 89.37.193.207 (RU/Russia/-): 5 in
> the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: Oct 13
> 04:59:23 15486 sshd[23741]: pam_unix(sshd:auth): authentication failure;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207 user=nginx Oct 13
> 04:59:25 15486 sshd[23741]: Failed password for nginx from 89.37.193.207
> port 53238 ssh2 Oct 13 05:02:11 15486 sshd[24004]: Invalid user runner from
> 89.37.193.207 port 38870 Oct 13 05:02:13 15486 sshd[24004]: Failed password
> for invalid user runner from 89.37.193.207 port 38870 ssh2 Oct 13 05:03:31
> 15486 sshd[24113]: Invalid user exx from 89.37.193.207 port 36638
> *2025-10-13 10:03*.*Categories:* Brute-Force, SSH.
> *Comment:* Oct 13 12:02:32 pegasus sshd[2721607]: Invalid user runner
> from 89.37.193.207 port 58836 Oct 13 12:02:32 pegasus sshd[2721607]:
> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
> ruser= rhost=89.37.193.207 Oct 13 12:02:34 pegasus sshd[2721607]: Failed
> password for invalid user runner from 89.37.193.207 port 58836 ssh2 Oct 13
> 12:03:51 pegasus sshd[2722217]: Invalid user exx from 89.37.193.207 port
> 33604
> *2025-10-13 09:15*.*Categories:* Brute-Force, SSH.
> *Comment:* $f2bV_matches
> *2025-10-13 08:53*.*Categories:* Brute-Force, SSH.
> *Comment:* Oct 13 10:44:53 hydrogen sshd[3917746]: Invalid user zzl from
> 89.37.193.207 port 40866 Oct 13 10:46:02 hydrogen sshd[3918398]: Invalid
> user penis from 89.37.193.207 port 58346 Oct 13 10:47:15 hydrogen
> sshd[3918911]: Invalid user chris from 89.37.193.207 port 56308 Oct 13
> 10:48:21 hydrogen sshd[3919456]: Invalid user ftpuser from 89.37.193.207
> port 35466 Oct 13 10:53:09 hydrogen sshd[3921790]: Invalid user fabian from
> 89.37.193.207 port 55464 …
> *2025-10-13 08:34*.*Categories:* Brute-Force, SSH.
> *Comment:* Oct 13 10:25:12 hydrogen sshd[3908060]: Invalid user seven
> from 89.37.193.207 port 58806 Oct 13 10:28:22 hydrogen sshd[3909542]:
> Invalid user school from 89.37.193.207 port 41100 Oct 13 10:30:39 hydrogen
> sshd[3910692]: Invalid user iptv from 89.37.193.207 port 51236 Oct 13
> 10:33:06 hydrogen sshd[3911856]: Invalid user daniel from 89.37.193.207
> port 58760 Oct 13 10:34:18 hydrogen sshd[3912382]: Invalid user holu from
> 89.37.193.207 port 39830 …
> *2025-10-13 08:27*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-13T10:25:54.538753+02:00 rpi4 sshd[5049]: Invalid user
> seven from 89.37.193.207 port 42920 2025-10-13T10:25:54.561594+02:00 rpi4
> sshd[5049]: pam_unix(sshd:auth): authentication failure; logname= uid=0
> euid=0 tty=ssh ruser= rhost=89.37.193.207 2025-10-13T10:25:56.111919+02:00
> rpi4 sshd[5049]: Failed password for invalid user seven from 89.37.193.207
> port 42920 ssh2 2025-10-13T10:27:07.966792+02:00 rpi4 sshd[5068]:
> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
> ruser= rhost=89.37.193.207 user=root 2025-10-13T10:27:09.205746+02:00 rpi4
> sshd[5068]: Failed password for root from 89.37.193.207 port 53692 ssh2 …
> *2025-10-13 08:24*.*Categories:* Brute-Force.
> *Comment:* Oct 13 08:24:55 hecnet-us-east-gw sshd[98568]: Invalid user
> cloud from 89.37.193.207 port 46084 Oct 13 08:24:57 hecnet-us-east-gw
> sshd[98568]: Failed password for invalid user cloud from 89.37.193.207 port
> 46084 ssh2 Oct 13 08:24:57 hecnet-us-east-gw sshd[98568]: Disconnected from
> invalid user cloud 89.37.193.207 port 46084 [preauth] …
> *2025-10-13 08:15*.*Categories:* Brute-Force, SSH.
> *Comment:* 89.37.193.207 (RU/Russia/-), 5 distributed sshd attacks on
> account [root] in the last 3600 secs; Ports: *; Direction: 1; Trigger:
> LF_DISTATTACK; Logs: Oct 13 02:27:46 13144 sshd[12807]:
> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
> ruser= rhost=23.94.182.3 user=root Oct 13 02:27:49 13144 sshd[12807]:
> Failed password for root from 23.94.182.3 port 56948 ssh2 Oct 13 03:14:59
> 13144 sshd[17220]: pam_unix(sshd:auth): authentication failure; logname=
> uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207 user=root Oct 13 03:15:01
> 13144 sshd[17220]: Failed password for root from 89.37.193.207 port 34724
> ssh2 Oct 13 02:28:26 13144 sshd[12878]: pam_unix(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.182.3 user=root
> IP Addresses Blocked: 23.94.182.3 (US/United States/
> 23-94-182-3-host.colocrossing.com)
> *2025-10-13 08:14*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-13T10:14:59.181747+02:00 psifactor
> sshd-session[3471263]: Disconnected from authenticating user root
> 89.37.193.207 port 56660 [preauth] … (mode: instant ban, root access or
> sth similar)
> *2025-10-13 08:11*.*Categories:* Brute-Force, SSH.
> *Comment:* Oct 13 05:11:59 vidsell sshd[3316863]: Invalid user deploy
> from 89.37.193.207 port 50940 Oct 13 05:11:59 vidsell sshd[3316863]:
> Disconnected from invalid user deploy 89.37.193.207 port 50940 [preauth] …
> *2025-10-13 07:51*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-13T07:44:31.505422+00:00 scw-871879 sshd[1465195]:
> Invalid user admin1234 from 89.37.193.207 port 49058
> 2025-10-13T07:48:03.347868+00:00 scw-871879 sshd[1465551]: Invalid user
> user from 89.37.193.207 port 48088 2025-10-13T07:49:12.616964+00:00
> scw-871879 sshd[1465745]: Invalid user user14 from 89.37.193.207 port 53252
> 2025-10-13T07:50:19.916176+00:00 scw-871879 sshd[1465784]: Invalid user
> mark from 89.37.193.207 port 53178 2025-10-13T07:51:30.580945+00:00
> scw-871879 sshd[1465885]: Invalid user dps from 89.37.193.207 port 38542 …
> *2025-10-13 07:33*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-13T07:23:51.487923+00:00 scw-871879 sshd[1463467]:
> Invalid user denes from 89.37.193.207 port 51822
> 2025-10-13T07:26:59.994943+00:00 scw-871879 sshd[1463604]: Invalid user
> helen from 89.37.193.207 port 34988 2025-10-13T07:29:33.468343+00:00
> scw-871879 sshd[1463718]: Invalid user kariman from 89.37.193.207 port
> 55148 2025-10-13T07:30:42.140898+00:00 scw-871879 sshd[1463762]: Invalid
> user deploy from 89.37.193.207 port 44838 2025-10-13T07:33:52.031023+00:00
> scw-871879 sshd[1464046]: Invalid user holu from 89.37.193.207 port 45688
> …
> *2025-10-13 07:30*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-13T09:24:07.169925+02:00 axisverse
> sshd-session[3564307]: Invalid user denes from 89.37.193.207 port 34326
> 2025-10-13T09:27:04.054740+02:00 axisverse sshd-session[3572021]: Invalid
> user helen from 89.37.193.207 port 55078 2025-10-13T09:30:45.684764+02:00
> axisverse sshd-session[3579520]: Invalid user deploy from 89.37.193.207
> port 55294 …
> *2025-10-13 07:30*.*Categories:* SSH.
> *Comment:* SSH brute-force attempt detected by Fail2Ban
> *2025-10-13 07:28*.*Categories:* Brute-Force, SSH.
> *Comment:* (sshd) Failed SSH login from 89.37.193.207 (RU/Russia/-): 5 in
> the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: Oct 13
> 02:24:23 9759 sshd[26791]: Invalid user denes from 89.37.193.207 port 58012
> Oct 13 02:24:25 9759 sshd[26791]: Failed password for invalid user denes
> from 89.37.193.207 port 58012 ssh2 Oct 13 02:27:09 9759 sshd[27185]:
> Invalid user helen from 89.37.193.207 port 53186 Oct 13 02:27:11 9759
> sshd[27185]: Failed password for invalid user helen from 89.37.193.207 port
> 53186 ssh2 Oct 13 02:28:27 9759 sshd[27282]: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=89.37.193.207 user=root
> *2025-10-13 07:14*.*Categories:* Brute-Force, SSH.
> *Comment:* SSH abuse or brute-force attack detected by Fail2Ban in ssh
> jail
> *2025-10-13 07:13*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-13T07:08:41.819592+00:00 de-fsn1-sbc1 sshd[4054492]:
> Invalid user arkserver from 89.37.193.207 port 50230
> 2025-10-13T07:11:20.735865+00:00 de-fsn1-sbc1 sshd[4054509]: Invalid user
> ftpuser from 89.37.193.207 port 48370 2025-10-13T07:13:56.776703+00:00
> de-fsn1-sbc1 sshd[4054551]: Invalid user seafile from 89.37.193.207 port
> 43776 …
> *2025-10-13 07:12*.*Categories:* Brute-Force, SSH.
> *Comment:* Oct 13 08:11:24 nervous-edison8 sshd[3729837]: Invalid user
> ftpuser from 89.37.193.207 port 53928 Oct 13 08:11:24 nervous-edison8
> sshd[3729837]: pam_unix(sshd:auth): authentication failure; logname= uid=0
> euid=0 tty=ssh ruser= rhost=89.37.193.207 Oct 13 08:11:25 nervous-edison8
> sshd[3729837]: Failed password for invalid user ftpuser from 89.37.193.207
> port 53928 ssh2 Oct 13 08:12:43 nervous-edison8 sshd[3730403]:
> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
> ruser= rhost=89.37.193.207 user=root Oct 13 08:12:45 nervous-edison8
> sshd[3730403]: Failed password for root from 89.37.193.207 port 38352 ssh2
> …
> *2025-10-13 07:12*.*Categories:* Brute-Force, SSH.
> *Comment:* SG02-GC: SSH Brute Force from 89.37.193.207 at 2025-10-13
> 12:42:20 IST
> *2025-10-13 07:11*.*Categories:* Brute-Force, SSH.
> *Comment:* $f2bV_matches
> *2025-10-13 07:08*.*Categories:* SSH.
> *Comment:* Fail2Ban SSH login block from 89.37.193.207
> *2025-10-13 07:04*.*Categories:* DDoS Attack Participating, Ping
> of Death, Web Spam, Email Spam, Brute-Force, Bad Web Bot, SSH.
> *Comment:* Oct 13 09:00:43 v2202301167543214332 sshd[1313515]: Failed
> password for invalid user botuser from 89.37.193.207 port 33280 ssh2 Oct 13
> 09:02:22 v2202301167543214332 sshd[1313534]: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=89.37.193.207 user=root Oct 13 09:02:24 v2202301167543214332
> sshd[1313534]: Failed password for root from 89.37.193.207 port 58908 ssh2
> Oct 13 09:04:03 v2202301167543214332 sshd[1313541]: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=89.37.193.207 user=root Oct 13 09:04:05 v2202301167543214332
> sshd[1313541]: Failed password for root from 89.37.193.207 port 54548 ssh2
> …
> *2025-10-13 06:47*.*Categories:* DDoS Attack Participating, Ping
> of Death, Web Spam, Email Spam, Brute-Force, Bad Web Bot, SSH.
> *Comment:* Oct 13 08:46:12 v2202301167543214332 sshd[1313318]: Invalid
> user frappe from 89.37.193.207 port 47288 Oct 13 08:46:12
> v2202301167543214332 sshd[1313318]: pam_unix(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207 Oct 13
> 08:46:12 v2202301167543214332 sshd[1313318]: Invalid user frappe from
> 89.37.193.207 port 47288 Oct 13 08:46:14 v2202301167543214332
> sshd[1313318]: Failed password for invalid user frappe from 89.37.193.207
> port 47288 ssh2 Oct 13 08:47:49 v2202301167543214332 sshd[1313338]: Invalid
> user vpn from 89.37.193.207 port 46024 …
> *2025-10-13 06:31*.*Categories:* DDoS Attack Participating, Ping
> of Death, Web Spam, Email Spam, Brute-Force, Bad Web Bot, SSH.
> *Comment:* Oct 13 08:28:22 v2202301167543214332 sshd[1312971]: Failed
> password for root from 89.37.193.207 port 58986 ssh2 Oct 13 08:29:58
> v2202301167543214332 sshd[1312978]: pam_unix(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207 user=root
> Oct 13 08:30:00 v2202301167543214332 sshd[1312978]: Failed password for
> root from 89.37.193.207 port 45548 ssh2 Oct 13 08:31:38
> v2202301167543214332 sshd[1313005]: pam_unix(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207 user=root
> Oct 13 08:31:40 v2202301167543214332 sshd[1313005]: Failed password for
> root from 89.37.193.207 port 39816 ssh2 …
> *2025-10-13 06:20*.*Categories:* Brute-Force.
> *Comment:* Oct 13 06:19:00 bud01-01-vpn sshd[183862]: Failed password for
> root from 89.37.193.207 port 36208 ssh2 Oct 13 06:20:33 bud01-01-vpn
> sshd[183919]: pam_unix(sshd:auth): authentication failure; logname= uid=0
> euid=0 tty=ssh ruser= rhost=89.37.193.207 user=root Oct 13 06:20:35
> bud01-01-vpn sshd[183919]: Failed password for root from 89.37.193.207 port
> 40940 ssh2 …
> *2025-10-13 06:14*.*Categories:* DDoS Attack Participating, Ping
> of Death, Web Spam, Email Spam, Brute-Force, Bad Web Bot, SSH.
> *Comment:* Oct 13 08:11:12 v2202301167543214332 sshd[1312798]: Failed
> password for root from 89.37.193.207 port 45456 ssh2 Oct 13 08:12:38
> v2202301167543214332 sshd[1312817]: pam_unix(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207 user=root
> Oct 13 08:12:40 v2202301167543214332 sshd[1312817]: Failed password for
> root from 89.37.193.207 port 43508 ssh2 Oct 13 08:14:02
> v2202301167543214332 sshd[1312821]: pam_unix(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207 user=root
> Oct 13 08:14:04 v2202301167543214332 sshd[1312821]: Failed password for
> root from 89.37.193.207 port 51420 ssh2 …
> *2025-10-13 06:13*.*Categories:* Brute-Force, SSH.
> *Comment:* (sshd) Failed SSH login from 89.37.193.207 (RU/Russia/-): 10
> in the last 3600 secs
> *2025-10-13 06:13*.*Categories:* Brute-Force.
> *Comment:* [sshd] (D1_AjieDevAIO-IP-126) Fail2Ban Jail: sshd auto-report
> *2025-10-13 06:10*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-13T06:09:02.631165+00:00 edge-con-sao01.int.pdx.net.uk
> sshd[1525991]: Failed password for root from 89.37.193.207 port 57724 ssh2
> 2025-10-13T06:10:25.253561+00:00 edge-con-sao01.int.pdx.net.uk
> sshd[1526413]: pam_unix(sshd:auth): authentication failure; logname= uid=0
> euid=0 tty=ssh ruser= rhost=89.37.193.207 user=root
> 2025-10-13T06:10:27.031197+00:00 edge-con-sao01.int.pdx.net.uk
> sshd[1526413]: Failed password for root from 89.37.193.207 port 35438 ssh2
> …
> *2025-10-13 06:10*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-13T06:06:14.169430+00:00 eu-north-sto1 sshd[1074416]:
> Disconnected from authenticating user root 89.37.193.207 port 45108
> [preauth] 2025-10-13T06:09:00.478611+00:00 eu-north-sto1 sshd[1083926]:
> Disconnected from authenticating user root 89.37.193.207 port 44486
> [preauth] 2025-10-13T06:10:24.901949+00:00 eu-north-sto1 sshd[1089088]:
> Disconnected from authenticating user root 89.37.193.207 port 49004
> [preauth] …
> *2025-10-13 06:08*.*Categories:* Brute-Force, SSH.
> *Comment:* 89.37.193.207 (RU/Russia/-), 5 distributed sshd attacks on
> account [root] in the last 3600 secs; Ports: *; Direction: 1; Trigger:
> LF_DISTATTACK; Logs: Oct 13 00:57:51 14499 sshd[12114]:
> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
> ruser= rhost=152.32.163.183 user=root Oct 13 00:57:54 14499 sshd[12114]:
> Failed password for root from 152.32.163.183 port 53050 ssh2 Oct 13
> 01:07:50 14499 sshd[13056]: pam_unix(sshd:auth): authentication failure;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207 user=root Oct 13
> 01:05:33 14499 sshd[12888]: pam_unix(sshd:auth): authentication failure;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=119.96.191.166 user=root Oct 13
> 01:05:35 14499 sshd[12888]: Failed password for root from 119.96.191.166
> port 59978 ssh2 IP Addresses Blocked: 152.32.163.183 (VN/Vietnam/-)
> *2025-10-13 05:51*.*Categories:* Brute-Force, SSH.
> *Comment:* Oct 13 05:48:46 webundsoshit sshd[3550224]:
> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
> ruser= rhost=89.37.193.207 user=root Oct 13 05:48:47 webundsoshit
> sshd[3550224]: Failed password for root from 89.37.193.207 port 38486 ssh2
> Oct 13 05:49:57 webundsoshit sshd[3550430]: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=89.37.193.207 user=root Oct 13 05:49:59 webundsoshit sshd[3550430]:
> Failed password for root from 89.37.193.207 port 51360 ssh2 Oct 13 05:51:11
> webundsoshit sshd[3550744]: Invalid user deploy from 89.37.193.207 port
> 40280 …
> *2025-10-13 05:23*.*Categories:* Brute-Force, SSH.
> *Comment:* Oct 13 05:21:58 webundsoshit sshd[3544787]:
> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
> ruser= rhost=89.37.193.207 Oct 13 05:22:00 webundsoshit sshd[3544787]:
> Failed password for invalid user bigdata from 89.37.193.207 port 40826 ssh2
> Oct 13 05:23:14 webundsoshit sshd[3545107]: Invalid user newuser1 from
> 89.37.193.207 port 35244 Oct 13 05:23:14 webundsoshit sshd[3545107]:
> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
> ruser= rhost=89.37.193.207 Oct 13 05:23:16 webundsoshit sshd[3545107]:
> Failed password for invalid user newuser1 from 89.37.193.207 port 35244
> ssh2 …
> *2025-10-13 05:22*.*Categories:* Brute-Force, SSH.
> *Comment:* (sshd) Failed SSH login from 89.37.193.207 (RU/Russia/-): 5 in
> the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: Oct 13
> 00:18:49 21567 sshd[31938]: pam_unix(sshd:auth): authentication failure;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207 user=root Oct 13
> 00:18:51 21567 sshd[31938]: Failed password for root from 89.37.193.207
> port 50966 ssh2 Oct 13 00:21:27 21567 sshd[32160]: Invalid user bigdata
> from 89.37.193.207 port 53226 Oct 13 00:21:29 21567 sshd[32160]: Failed
> password for invalid user bigdata from 89.37.193.207 port 53226 ssh2 Oct 13
> 00:22:46 21567 sshd[32593]: Invalid user newuser1 from 89.37.193.207 port
> 51166
> *2025-10-13 05:21*.*Categories:* Brute-Force, SSH.
> *Comment:* Oct 12 23:21:51 b146-17 sshd[1443617]: Invalid user bigdata
> from 89.37.193.207 port 33630 Oct 12 23:21:51 b146-17 sshd[1443617]:
> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
> ruser= rhost=89.37.193.207 Oct 12 23:21:53 b146-17 sshd[1443617]: Failed
> password for invalid user bigdata from 89.37.193.207 port 33630 ssh2 …
> *2025-10-13 04:36*.*Categories:* Brute-Force, SSH.
> *Comment:* (sshd) Failed SSH login from 89.37.193.207 (AE/United Arab
> Emirates/-)
> *2025-10-13 04:32*.*Categories:* Brute-Force, SSH.
> *Comment:* (sshd) Failed SSH login from 89.37.193.207 (RU/Russia/-): 5 in
> the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: Oct 12
> 23:29:09 17911 sshd[11923]: Invalid user eliot from 89.37.193.207 port
> 59440 Oct 12 23:29:10 17911 sshd[11923]: Failed password for invalid user
> eliot from 89.37.193.207 port 59440 ssh2 Oct 12 23:30:54 17911 sshd[12120]:
> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
> ruser= rhost=89.37.193.207 user=root Oct 12 23:30:57 17911 sshd[12120]:
> Failed password for root from 89.37.193.207 port 46058 ssh2 Oct 12 23:32:09
> 17911 sshd[12326]: pam_unix(sshd:auth): authentication failure; logname=
> uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207 user=root
> *2025-10-13 04:30*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-13T06:28:30.638277+02:00 games.mrejata.eu
> sshd[545772]: Failed password for invalid user eliot from 89.37.193.207
> port 56124 ssh2 2025-10-13T06:30:42.373214+02:00 games.mrejata.eu
> sshd[545780]: pam_unix(sshd:auth): authentication failure; logname= uid=0
> euid=0 tty=ssh ruser= rhost=89.37.193.207 user=root
> 2025-10-13T06:30:44.592754+02:00 games.mrejata.eu sshd[545780]: Failed
> password for root from 89.37.193.207 port 34870 ssh2 …
> *2025-10-13 04:30*.*Categories:* Brute-Force, SSH.
> *Comment:* Fail2Ban: malicious activity detected (jail: sshd)
> *2025-10-13 04:01*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-12T22:54:56.304496-05:00 instance-20240522-152753
> sshd[1174946]: Invalid user zs from 89.37.193.207 port 56480
> 2025-10-12T22:57:28.731436-05:00 instance-20240522-152753 sshd[1175038]:
> Invalid user adminuser from 89.37.193.207 port 39926
> 2025-10-12T22:58:45.512430-05:00 instance-20240522-152753 sshd[1175062]:
> Invalid user abe from 89.37.193.207 port 34202
> 2025-10-12T23:01:13.439381-05:00 instance-20240522-152753 sshd[1175622]:
> Invalid user dat from 89.37.193.207 port 36582 …
> *2025-10-13 03:50*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-13T03:51:19.757629+00:00 prod-westeu sshd[2607551]:
> Invalid user spike from 89.37.193.207 port 36332
> 2025-10-13T03:51:19.761747+00:00 prod-westeu sshd[2607551]:
> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
> ruser= rhost=89.37.193.207 2025-10-13T03:51:21.916076+00:00 prod-westeu
> sshd[2607551]: Failed password for invalid user spike from 89.37.193.207
> port 36332 ssh2 …
> *2025-10-13 03:45*.*Categories:* SSH.
> *Comment:* Attempts to access SSH server with wrong credentials
> *2025-10-13 03:44*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-12T22:39:25.215494-05:00 instance-20240522-152753
> sshd[1174004]: Invalid user add from 89.37.193.207 port 36906
> 2025-10-12T22:41:34.369775-05:00 instance-20240522-152753 sshd[1174099]:
> Invalid user casino from 89.37.193.207 port 60258
> 2025-10-12T22:42:51.042074-05:00 instance-20240522-152753 sshd[1174128]:
> Invalid user ram from 89.37.193.207 port 41632
> 2025-10-12T22:44:07.258418-05:00 instance-20240522-152753 sshd[1174177]:
> Invalid user spring from 89.37.193.207 port 58056 …
> *2025-10-13 03:42*.*Categories:* Brute-Force, SSH.
> *Comment:* (sshd) Failed SSH login from 89.37.193.207 (RU/Russia/-): 5 in
> the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: Oct 12
> 22:37:54 14020 sshd[17779]: Invalid user add from 89.37.193.207 port 60594
> Oct 12 22:37:56 14020 sshd[17779]: Failed password for invalid user add
> from 89.37.193.207 port 60594 ssh2 Oct 12 22:41:05 14020 sshd[18131]:
> Invalid user casino from 89.37.193.207 port 51232 Oct 12 22:41:07 14020
> sshd[18131]: Failed password for invalid user casino from 89.37.193.207
> port 51232 ssh2 Oct 12 22:42:21 14020 sshd[18223]: Invalid user ram from
> 89.37.193.207 port 51670
> *2025-10-13 03:27*.*Categories:* Brute-Force, SSH.
> *Comment:* Oct 13 06:26:03 www7 sshd[2936448]: Invalid user yoga from
> 89.37.193.207 port 40622 Oct 13 06:26:06 www7 sshd[2936448]: Failed
> password for invalid user yoga from 89.37.193.207 port 40622 ssh2 Oct 13
> 06:27:15 www7 sshd[2936515]: Invalid user loc from 89.37.193.207 port 45646
> …
> *2025-10-13 03:20*.*Categories:* Brute-Force, SSH.
> *Comment:* SSH Brute force: 55 attempts were recorded from 89.37.193.207
> 2025-10-13T03:52:41+02:00 Invalid user vpn from 89.37.193.207 port 51274
> 2025-10-13T03:56:00+02:00 Invalid user lu from 89.37.193.207 port 57956
> 2025-10-13T03:57:29+02:00 Invalid user ubuntu from 89.37.193.207 port 33686
> 2025-10-13T03:59:02+02:00 Invalid user readonly from 89.37.193.207 port
> 47532 2025-10-13T04:00:30+02:00 Invalid user ubuntu from 89.37.193.207 port
> 36710 2025-10-13T04:01:59+02:00 Invalid user scpuser from 89.37.193.207
> port 47022 2025-10-13T04:03:30+02:00 Disconnected from authenticating user
> root 89.37.193.207 port 35386 [preauth] 2025-10-13T04:05:01+02:00 Invalid
> user penis from 89.37.193.207 port 56820 2025-10-13T04:06:28+02:00
> Disconnected from authenticating user root 89.37.193.207 port 33826
> [preauth] 2025-10-13T04:07:53+02:00 Invalid user vaibhav from 89.37.193.207
> port 54540 2025-10-13T04:09:25+02:00
> *2025-10-13 03:10*.*Categories:* Brute-Force, SSH.
> *Comment:* Oct 13 06:09:39 www7 sshd[2935471]: Invalid user tester from
> 89.37.193.207 port 57780 Oct 13 06:09:41 www7 sshd[2935471]: Failed
> password for invalid user tester from 89.37.193.207 port 57780 ssh2 Oct 13
> 06:10:47 www7 sshd[2935577]: Invalid user braga from 89.37.193.207 port
> 42086 …
> *2025-10-13 02:59*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-13T02:55:53.081765+00:00 Linux04 sshd[3202249]:
> Invalid user gavin from 89.37.193.207 port 45046
> 2025-10-13T02:55:53.086273+00:00 Linux04 sshd[3202249]:
> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
> ruser= rhost=89.37.193.207 2025-10-13T02:55:55.305639+00:00 Linux04
> sshd[3202249]: Failed password for invalid user gavin from 89.37.193.207
> port 45046 ssh2 2025-10-13T02:57:02.352056+00:00 Linux04 sshd[3205697]:
> Invalid user ftpuser from 89.37.193.207 port 39812
> 2025-10-13T02:57:02.353949+00:00 Linux04 sshd[3205697]:
> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
> ruser= rhost=89.37.193.207 2025-10-13T02:57:04.045635+00:00 Linux04
> sshd[3205697]: Failed password for invalid user ftpuser from 89.37.193.207
> port 39812 ssh2 2025-10-13T02:58:10.885953+00:00 Linux04 sshd[3208817]:
> Invalid user fox from 89.37.193.207 port 45592
> 2025-10-13T02:58:10.887771+00:00 Linux04 sshd[3208817]:
> pam_unix(sshd:auth): authentication failure; logn …
> *2025-10-13 02:57*.*Categories:* Brute-Force, SSH.
> *Comment:* [Fail2Ban:sshd-spray] …
> *2025-10-13 02:55*.*Categories:* Brute-Force, SSH.
> *Comment:* Oct 13 03:54:35 server sshd[3243695]: Failed password for root
> from 89.37.193.207 port 39662 ssh2 Oct 13 03:55:49 server sshd[3243851]:
> Invalid user gavin from 89.37.193.207 port 41888 Oct 13 03:55:49 server
> sshd[3243851]: pam_unix(sshd:auth): authentication failure; logname= uid=0
> euid=0 tty=ssh ruser= rhost=89.37.193.207 Oct 13 03:55:49 server
> sshd[3243851]: Invalid user gavin from 89.37.193.207 port 41888 Oct 13
> 03:55:52 server sshd[3243851]: Failed password for invalid user gavin from
> 89.37.193.207 port 41888 ssh2 …
> *2025-10-13 02:55*.*Categories:* Brute-Force, SSH.
> *Comment:* (sshd) Failed SSH login from 89.37.193.207 (RU/Russia/-): 5 in
> the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: Oct 13
> 02:51:04 23953 sshd[14586]: Invalid user gits from 89.37.193.207 port 46974
> Oct 13 02:51:06 23953 sshd[14586]: Failed password for invalid user gits
> from 89.37.193.207 port 46974 ssh2 Oct 13 02:54:04 23953 sshd[14825]:
> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
> ruser= rhost=89.37.193.207 user=root Oct 13 02:54:06 23953 sshd[14825]:
> Failed password for root from 89.37.193.207 port 56406 ssh2 Oct 13 02:55:22
> 23953 sshd[14919]: Invalid user gavin from 89.37.193.207 port 41504
> *2025-10-13 02:54*.*Categories:* Brute-Force, SSH.
> *Comment:* Oct 13 05:51:22 www7 sshd[2933953]: Failed password for
> invalid user gits from 89.37.193.207 port 47604 ssh2 Oct 13 05:54:09 www7
> sshd[2934051]: pam_unix(sshd:auth): authentication failure; logname= uid=0
> euid=0 tty=ssh ruser= rhost=89.37.193.207 user=root Oct 13 05:54:11 www7
> sshd[2934051]: Failed password for root from 89.37.193.207 port 57198 ssh2
> …
> *2025-10-13 02:53*.*Categories:* SSH.
> *Comment:* SSH bruteforce
> *2025-10-13 01:56*.*Categories:* Brute-Force, SSH.
> *Comment:* Brute-force SSH server detected by Fail2ban
> *2025-10-13 01:56*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-13T01:53:38.581194+00:00
> backup-309171561-ubuntu-4gb-fsn1-1 sshd[1745537]: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=89.37.193.207 2025-10-13T01:53:40.716151+00:00
> backup-309171561-ubuntu-4gb-fsn1-1 sshd[1745537]: Failed password for
> invalid user vpn from 89.37.193.207 port 50922 ssh2
> 2025-10-13T01:56:22.373962+00:00 backup-309171561-ubuntu-4gb-fsn1-1
> sshd[1745588]: Invalid user lu from 89.37.193.207 port 34704 …
> *2025-10-13 01:52*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-13T09:52:48.622280+08:00 pbs sshd[3823865]:
> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
> ruser= rhost=89.37.193.207 2025-10-13T09:52:50.225618+08:00 pbs
> sshd[3823865]: Failed password for invalid user vpn from 89.37.193.207 port
> 45778 ssh2 …
> *2025-10-13 01:25*.*Categories:* Brute-Force.
> *Comment:* Brute force attempt — 3 login attempts (3 failed)
> *2025-10-13 01:20*.*Categories:* Port Scan, Brute-Force, SSH.
> *Comment:* Unauthorized connection attempt detected, SSH Brute-Force
> *2025-10-13 01:07*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-13T02:58:21.699546+02:00 misaka-vm-s3n-2c4g-ber
> sshd[2832483]: Invalid user deploy from 89.37.193.207 port 49578
> 2025-10-13T03:03:19.835692+02:00 misaka-vm-s3n-2c4g-ber sshd[2832534]:
> Invalid user vpn from 89.37.193.207 port 48866
> 2025-10-13T03:07:31.491050+02:00 misaka-vm-s3n-2c4g-ber sshd[2832550]:
> Invalid user hadi from 89.37.193.207 port 45386 …
> *2025-10-13 01:04*.*Categories:* Brute-Force, SSH.
> *Comment:* (sshd) Failed SSH login from 89.37.193.207 (RU/Russia/-): 5 in
> the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: Oct 12
> 20:01:37 13593 sshd[28991]: Invalid user deploy from 89.37.193.207 port
> 36494 Oct 12 20:01:40 13593 sshd[28991]: Failed password for invalid user
> deploy from 89.37.193.207 port 36494 ssh2 Oct 12 20:03:07 13593
> sshd[29134]: pam_unix(sshd:auth): authentication failure; logname= uid=0
> euid=0 tty=ssh ruser= rhost=89.37.193.207 user=root Oct 12 20:03:09 13593
> sshd[29134]: Failed password for root from 89.37.193.207 port 33058 ssh2
> Oct 12 20:04:24 13593 sshd[29211]: Invalid user vpn from 89.37.193.207 port
> 42844
> *2025-10-13 01:04*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-13T01:03:04.879144+00:00 my-vps sshd[1452850]:
> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
> ruser= rhost=89.37.193.207 user=root 2025-10-13T01:03:06.498186+00:00
> my-vps sshd[1452850]: Failed password for root from 89.37.193.207 port
> 37404 ssh2 2025-10-13T01:04:22.604149+00:00 my-vps sshd[1452854]: Invalid
> user vpn from 89.37.193.207 port 49358 2025-10-13T01:04:22.606953+00:00
> my-vps sshd[1452854]: pam_unix(sshd:auth): authentication failure; logname=
> uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207
> 2025-10-13T01:04:24.265715+00:00 my-vps sshd[1452854]: Failed password for
> invalid user vpn from 89.37.193.207 port 49358 ssh2 …
> *2025-10-13 01:03*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-13T03:02:40.728838+02:00 marvibiene sshd[695287]:
> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
> ruser= rhost=89.37.193.207 user=root 2025-10-13T03:02:42.387200+02:00
> marvibiene sshd[695287]: Failed password for root from 89.37.193.207 port
> 58972 ssh2 2025-10-13T03:03:56.785226+02:00 marvibiene sshd[695746]:
> Invalid user vpn from 89.37.193.207 port 50224
> 2025-10-13T03:03:56.787163+02:00 marvibiene sshd[695746]:
> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
> ruser= rhost=89.37.193.207 2025-10-13T03:03:58.546137+02:00 marvibiene
> sshd[695746]: Failed password for invalid user vpn from 89.37.193.207 port
> 50224 ssh2
> *2025-10-13 01:03*.*Categories:* Brute-Force, SSH.
> *Comment:* SSH Brute Force Attack from 89.37.193.207 Threat Details: —
> Type: SSH Brute Force Attack — Target Service: sshd-aggressive — Target
> Server: insightvm — Detection Time: 2025-10-13 03:03:04 — Source Country:
> United Arab Emirates — Source ISP: ABCVG — Reverse DNS: Description:
> Automated SSH login attempts detected from this IP address
> *2025-10-13 01:02*.*Categories:* Brute-Force, SSH.
> *Comment:* Oct 13 00:59:03 v4bgp sshd[602510]: Failed password for
> invalid user deploy from 89.37.193.207 port 42460 ssh2 Oct 13 01:02:17
> v4bgp sshd[602617]: pam_unix(sshd:auth): authentication failure; logname=
> uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207 user=root Oct 13 01:02:19
> v4bgp sshd[602617]: Failed password for root from 89.37.193.207 port 47170
> ssh2 …
> *2025-10-13 00:09*.*Categories:* Brute-Force, SSH.
> *Comment:* 2025-10-13T00:03:28.245250+00:00 edge-con-sjc01.int.pdx.net.uk
> sshd[2269718]: pam_unix(sshd:auth): authentication failure; logname= uid=0
> euid=0 tty=ssh ruser= rhost=89.37.193.207 2025-10-13T00:03:30.611667+00:00
> edge-con-sjc01.int.pdx.net.uk sshd[2269718]: Failed password for invalid
> user debian from 89.37.193.207 port 59238 ssh2
> 2025-10-13T00:09:08.136277+00:00 edge-con-sjc01.int.pdx.net.uk
> sshd[2272840]: Invalid user user3 from 89.37.193.207 port 42708 …
> *2025-10-13 00:06*.*Categories:* Brute-Force, SSH.
> *Comment:* SSH brute force
> *2025-10-13 00:05*.*Categories:* Brute-Force.
> *Comment:* SSH brute force attack detected: 5 failed attempts
> *2025-10-13 00:03*.*Categories:* Brute-Force, SSH.
> *Comment:* 89.37.193.207 (RU/Russia/-), 5 distributed sshd attacks on
> account [debian] in the last 3600 secs; Ports: *; Direction: 1; Trigger:
> LF_DISTATTACK; Logs: Oct 12 19:03:28 13301 sshd[6558]: Invalid user debian
> from 202.148.55.168 port 36244 Oct 12 19:02:53 13301 sshd[6370]: Invalid
> user debian from 78.47.144.126 port 38616 Oct 12 19:02:01 13301 sshd[6128]:
> Invalid user debian from 89.37.193.207 port 52298 Oct 12 19:02:02 13301
> sshd[6128]: Failed password for invalid user debian from 89.37.193.207 port
> 52298 ssh2 Oct 12 19:02:56 13301 sshd[6370]: Failed password for invalid
> user debian from 78.47.144.126 port 38616 ssh2 IP Addresses Blocked:
> 202.148.55.168 (NL/The Netherlands/-) 78.47.144.126 (DE/Germany/
> static.126.144.47.78.clients.your-server.de)
>
> Please go to the InterLIR Portal Abuses page for more information and
> *confirm* resolving the abuse.
> *Note:* if the abuse complaint is old and the problem has already been
> resolved, please *confirm* this in the dashboard.
> Have any questions so far? Visit InterLIR Support or contact us.
>
> Thanks,
> InterLIR
> InterLIR GmbH, Berlin
>