Re: Abuse complaints

>> The details of the abuse-complaint are as follows:
>>
>> 89.37.193.207: *2025-10-20 04:26*.*Categories:* Brute-Force,
>> SSH.
>> *Comment:* SSH brute force
>> *2025-10-17 14:13*.*Categories:* Brute-Force, SSH.
>> *Comment:* SG02-GC: SSH Brute Force from 89.37.193.207 at 2025-10-17
>> 19:43:44 IST
>> *2025-10-15 23:30*.*Categories:* Brute-Force, SSH.
>> *Comment:* SSH brute force
>> *2025-10-15 20:11*.*Categories:* Brute-Force.
>> *Comment:* list.rtbh.com.tr report: tcp/0
>> *2025-10-14 20:11*.*Categories:* Brute-Force.
>> *Comment:* list.rtbh.com.tr report: tcp/0
>> *2025-10-14 03:19*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-14T05:17:47.020243+02:00 rico-j sshd[1483769]:
>> Connection from 89.37.193.207 port 32816 on 5.45.102.214 port 22 rdomain ""
>> 2025-10-14T05:17:47.347738+02:00 rico-j sshd[1483769]: Invalid user user14
>> from 89.37.193.207 port 32816 2025-10-14T05:19:00.602793+02:00 rico-j
>> sshd[1484910]: Connection from 89.37.193.207 port 36852 on 5.45.102.214
>> port 22 rdomain "" 2025-10-14T05:19:00.940340+02:00 rico-j sshd[1484910]:
>> Invalid user karthik from 89.37.193.207 port 36852 …
>> *2025-10-14 03:18*.*Categories:* Brute-Force, SSH.
>> *Comment:* (sshd) Failed SSH login from 89.37.193.207 (RU/Russia/-): 5
>> in the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: Oct
>> 13 22:14:51 14966 sshd[24656]: Invalid user tester from 89.37.193.207 port
>> 45690 Oct 13 22:14:53 14966 sshd[24656]: Failed password for invalid user
>> tester from 89.37.193.207 port 45690 ssh2 Oct 13 22:17:02 14966
>> sshd[25042]: Invalid user mgeweb from 89.37.193.207 port 53822 Oct 13
>> 22:17:04 14966 sshd[25042]: Failed password for invalid user mgeweb from
>> 89.37.193.207 port 53822 ssh2 Oct 13 22:18:18 14966 sshd[25252]: Invalid
>> user user14 from 89.37.193.207 port 40302
>> *2025-10-14 03:14*.*Categories:* Brute-Force, SSH.
>> *Comment:* Oct 14 16:12:57 mtl1 sshd-session[2797941]: Invalid user
>> tester from 89.37.193.207 port 38488
>> *2025-10-14 02:41*.*Categories:* Brute-Force, SSH.
>> *Comment:* Oct 14 04:34:24 vmi291233 sshd[2303293]: Invalid user
>> christine from 89.37.193.207 port 41740 Oct 14 04:35:38 vmi291233
>> sshd[2303313]: Invalid user scott from 89.37.193.207 port 56802 Oct 14
>> 04:39:10 vmi291233 sshd[2303427]: Invalid user sysadmin from 89.37.193.207
>> port 52862 Oct 14 04:40:23 vmi291233 sshd[2303438]: Invalid user r from
>> 89.37.193.207 port 43932 Oct 14 04:41:32 vmi291233 sshd[2303443]: Invalid
>> user zdy from 89.37.193.207 port 53182
>> *2025-10-14 02:40*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-14T02:35:14.047265+00:00 Linux07 sshd[501608]:
>> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
>> ruser= rhost=89.37.193.207 2025-10-14T02:35:16.055126+00:00 Linux07
>> sshd[501608]: Failed password for invalid user scott from 89.37.193.207
>> port 33122 ssh2 2025-10-14T02:36:26.682396+00:00 Linux07 sshd[504847]:
>> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
>> ruser= rhost=89.37.193.207 user=root 2025-10-14T02:36:28.575212+00:00
>> Linux07 sshd[504847]: Failed password for root from 89.37.193.207 port
>> 51224 ssh2 2025-10-14T02:37:34.644031+00:00 Linux07 sshd[507849]:
>> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
>> ruser= rhost=89.37.193.207 user=root 2025-10-14T02:37:36.536188+00:00
>> Linux07 sshd[507849]: Failed password for root from 89.37.193.207 port
>> 33322 ssh2 2025-10-14T02:38:46.515908+00:00 Linux07 sshd[510609]: Invalid
>> user sysadmin from 89.37.193.207 port 57684
>> 2025-10-14T02:38:46.518036+00:00 Linux07 …
>> *2025-10-14 02:37*.*Categories:* Brute-Force, SSH.
>> *Comment:* Oct 14 02:35:21 antti-vps2 sshd[744054]: Invalid user scott
>> from 89.37.193.207 port 48554 Oct 14 02:36:33 antti-vps2 sshd[744227]:
>> Connection from 89.37.193.207 port 43438 on 10.0.0.124 port 22 rdomain ""
>> Oct 14 02:36:33 antti-vps2 sshd[744227]: User root from 89.37.193.207 not
>> allowed because none of user's groups are listed in AllowGroups Oct 14
>> 02:37:42 antti-vps2 sshd[744429]: Connection from 89.37.193.207 port 58504
>> on 10.0.0.124 port 22 rdomain "" Oct 14 02:37:42 antti-vps2 sshd[744429]:
>> User root from 89.37.193.207 not allowed because none of user's groups are
>> listed in AllowGroups …
>> *2025-10-14 02:35*.*Categories:* Brute-Force, SSH.
>> *Comment:* DE902-V6-FFM: SSH Brute Force from 89.37.193.207 at
>> 2025-10-14 08:05:46 IST
>> *2025-10-14 02:34*.*Categories:* SSH.
>> *Comment:* 89.37.193.207 banned on rtr — Threshold reached: 5 failures
>> *2025-10-14 02:31*.*Categories:* Brute-Force, SSH.
>> *Comment:* 89.37.193.207 (PL/Poland/-), 5 distributed sshd attacks on
>> account [root] in the last 3600 secs; Ports: *; Direction: 1; Trigger:
>> LF_DISTATTACK; Logs: Oct 13 21:31:16 15140 sshd[16333]:
>> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
>> ruser= rhost=209.74.66.170 user=root Oct 13 21:30:14 15140 sshd[16264]:
>> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
>> ruser= rhost=89.37.193.207 user=root Oct 13 21:30:16 15140 sshd[16264]:
>> Failed password for root from 89.37.193.207 port 38370 ssh2 Oct 13 21:24:40
>> 15140 sshd[15884]: pam_unix(sshd:auth): authentication failure; logname=
>> uid=0 euid=0 tty=ssh ruser= rhost=4.224.36.103 user=root Oct 13 21:24:42
>> 15140 sshd[15884]: Failed password for root from 4.224.36.103 port 46496
>> ssh2 IP Addresses Blocked: 209.74.66.170 (US/United States/
>> monarchianistic-embracery.vpsrdns.web-hosting.com)
>> *2025-10-14 01:54*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-14T03:50:57.366308+02:00 axisverse
>> sshd-session[2328220]: Invalid user ftproot from 89.37.193.207 port 50050
>> 2025-10-14T03:53:21.997177+02:00 axisverse sshd-session[2332922]: Invalid
>> user ftpuser from 89.37.193.207 port 53654 2025-10-14T03:54:35.191506+02:00
>> axisverse sshd-session[2335276]: Invalid user lx from 89.37.193.207 port
>> 37946 …
>> *2025-10-14 01:51*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-14T02:51:00.545830+01:00 omega.nodes.sillydev.co.uk
>> sshd[2769533]: Invalid user ftproot from 89.37.193.207 port 42084
>> 2025-10-14T02:51:00.556579+01:00 omega.nodes.sillydev.co.uk
>> sshd[2769533]: pam_unix(sshd:auth): authentication failure; logname= uid=0
>> euid=0 tty=ssh ruser= rhost=89.37.193.207 2025-10-14T02:51:01.882799+01:00
>> omega.nodes.sillydev.co.uk sshd[2769533]: Failed password for invalid
>> user ftproot from 89.37.193.207 port 42084 ssh2 …
>> *2025-10-14 01:50*.*Categories:* Brute-Force, SSH.
>> *Comment:* Oct 14 03:46:51 [redacted] sshd[1462276]: Failed password for
>> root from 89.37.193.207 port 37736 ssh2 Oct 14 03:50:19 [redacted]
>> sshd[1462317]: Invalid user ftproot from 89.37.193.207 port 48880 …
>> *2025-10-14 01:49*.*Categories:* Port Scan.
>> *Comment:* ID: 5730368201 | PORT: 57545 |
>> https://89-37-193-207.scanthe.net
>> *2025-10-14 01:48*.*Categories:* Brute-Force, SSH.
>> *Comment:* 89.37.193.207 (RU/Russia/-), 5 distributed sshd attacks on
>> account [root] in the last 3600 secs; Ports: *; Direction: 1; Trigger:
>> LF_DISTATTACK; Logs: Oct 13 19:49:48 15757 sshd[5720]: pam_unix(sshd:auth):
>> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
>> rhost=201.6.100.191 user=root Oct 13 19:49:50 15757 sshd[5720]: Failed
>> password for root from 201.6.100.191 port 57170 ssh2 Oct 13 20:47:58 15757
>> sshd[10488]: pam_unix(sshd:auth): authentication failure; logname= uid=0
>> euid=0 tty=ssh ruser= rhost=89.37.193.207 user=root Oct 13 20:48:00 15757
>> sshd[10488]: Failed password for root from 89.37.193.207 port 54106 ssh2
>> Oct 13 19:54:38 15757 sshd[6115]: pam_unix(sshd:auth): authentication
>> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.17.148.221
>> user=root IP Addresses Blocked: 201.6.100.191 (BR/Brazil/
>> c90664bf.static.spo.virtua.com.br)
>> *2025-10-14 01:28*.*Categories:* Brute-Force, SSH.
>> *Comment:* Oct 14 03:21:37 Debian-1010-buster-64-minimal sshd[1018209]:
>> Invalid user ftpuser from 89.37.193.207 port 59294 Oct 14 03:25:10
>> Debian-1010-buster-64-minimal sshd[1105361]: Invalid user mary from
>> 89.37.193.207 port 35886 Oct 14 03:26:17 Debian-1010-buster-64-minimal
>> sshd[1130108]: Invalid user arif from 89.37.193.207 port 38794 Oct 14
>> 03:27:23 Debian-1010-buster-64-minimal sshd[1155934]: Invalid user qui from
>> 89.37.193.207 port 33008 Oct 14 03:28:33 Debian-1010-buster-64-minimal
>> sshd[1181854]: Invalid user gogs from 89.37.193.207 port 40512 …
>> *2025-10-14 01:11*.*Categories:* Brute-Force, SSH.
>> *Comment:* Oct 14 03:05:16 Debian-1010-buster-64-minimal sshd[628861]:
>> Invalid user term2 from 89.37.193.207 port 38598 Oct 14 03:07:31
>> Debian-1010-buster-64-minimal sshd[683953]: Invalid user finance from
>> 89.37.193.207 port 37448 Oct 14 03:08:43 Debian-1010-buster-64-minimal
>> sshd[712486]: Invalid user ssm from 89.37.193.207 port 36330 Oct 14
>> 03:09:54 Debian-1010-buster-64-minimal sshd[740375]: Invalid user ubuntu
>> from 89.37.193.207 port 46868 Oct 14 03:11:04 Debian-1010-buster-64-minimal
>> sshd[769679]: Invalid user demo from 89.37.193.207 port 36096 …
>> *2025-10-14 01:08*.*Categories:* Brute-Force, SSH.
>> *Comment:* (sshd) Failed SSH login from 89.37.193.207 (RU/Russia/-): 5
>> in the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: Oct
>> 13 20:04:40 16484 sshd[15186]: Invalid user term2 from 89.37.193.207 port
>> 41832 Oct 13 20:04:43 16484 sshd[15186]: Failed password for invalid user
>> term2 from 89.37.193.207 port 41832 ssh2 Oct 13 20:07:21 16484 sshd[15573]:
>> Invalid user finance from 89.37.193.207 port 49526 Oct 13 20:07:23 16484
>> sshd[15573]: Failed password for invalid user finance from 89.37.193.207
>> port 49526 ssh2 Oct 13 20:08:33 16484 sshd[15745]: Invalid user ssm from
>> 89.37.193.207 port 50130
>> *2025-10-14 01:07*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-14T03:05:01.511829+02:00 terminator.powersource.cx
>> sshd-session[258941]: pam_unix(sshd:auth): authentication failure; logname=
>> uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207
>> 2025-10-14T03:05:04.122008+02:00 terminator.powersource.cx
>> sshd-session[258941]: Failed password for invalid user term2 from
>> 89.37.193.207 port 51312 ssh2 2025-10-14T03:07:26.454470+02:00
>> terminator.powersource.cx sshd-session[259155]: Invalid user finance
>> from 89.37.193.207 port 51650
>> *2025-10-14 01:04*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-14T01:04:26.798566+00:00 wn-us sshd[2002539]: Invalid
>> user term2 from 89.37.193.207 port 34910 …
>> *2025-10-14 00:39*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-14T01:24:02.539175+01:00 dasec-proxy-ssh
>> sshd[915313]: Invalid user helen from 89.37.193.207 port 57700
>> 2025-10-14T01:24:02.586317+01:00 dasec-proxy-ssh sshd[915313]: Disconnected
>> from invalid user helen 89.37.193.207 port 57700 [preauth]
>> 2025-10-14T01:25:44.989027+01:00 dasec-proxy-ssh sshd[915355]: Invalid user
>> ydy from 89.37.193.207 port 49302 2025-10-14T01:25:45.042787+01:00
>> dasec-proxy-ssh sshd[915355]: Disconnected from invalid user ydy
>> 89.37.193.207 port 49302 [preauth] 2025-10-14T01:27:01.374822+01:00
>> dasec-proxy-ssh sshd[915389]: Disconnected from authenticating user root
>> 89.37.193.207 port 51382 [preauth] 2025-10-14T01:28:12.697560+01:00
>> dasec-proxy-ssh sshd[915421]: Disconnected from authenticating user root
>> 89.37.193.207 port 37114 [preauth] 2025-10-14T01:29:20.182250+01:00
>> dasec-proxy-ssh sshd[915447]: Invalid user lee from 89.37.193.207 port
>> 55860 2025-10-14T01:29:20.228647+01:00 dasec-proxy-ssh sshd[915447]:
>> Disconnected from invalid user lee 89.37.193.207 port 5 …
>> *2025-10-14 00:33*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-14T08:28:58.445389+08:00 *hostname*
>> sshd-session[1757303]: Invalid user lee from 89.37.193.207 port 60996
>> 2025-10-14T08:31:14.996136+08:00 *hostname* sshd-session[1757317]:
>> Connection from 89.37.193.207 port 54964 on 10.7.121.81 port 22 rdomain ""
>> 2025-10-14T08:31:15.987529+08:00 *hostname* sshd-session[1757317]: Invalid
>> user master from 89.37.193.207 port 54964 2025-10-14T08:33:34.747846+08:00
>> *hostname* sshd-session[1757335]: Connection from 89.37.193.207 port 37436
>> on 10.7.121.81 port 22 rdomain "" 2025-10-14T08:33:35.727147+08:00
>> *hostname* sshd-session[1757335]: Invalid user root/admin from
>> 89.37.193.207 port 37436
>> *2025-10-14 00:26*.*Categories:* Brute-Force, SSH.
>> *Comment:* (sshd) Failed SSH login from 89.37.193.207 (RU/Russia/-): 5
>> in the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: Oct
>> 14 00:21:06 23360 sshd[30151]: Invalid user helen from 89.37.193.207 port
>> 46978 Oct 14 00:21:08 23360 sshd[30151]: Failed password for invalid user
>> helen from 89.37.193.207 port 46978 ssh2 Oct 14 00:24:52 23360 sshd[30800]:
>> Invalid user ydy from 89.37.193.207 port 50042 Oct 14 00:24:55 23360
>> sshd[30800]: Failed password for invalid user ydy from 89.37.193.207 port
>> 50042 ssh2 Oct 14 00:26:09 23360 sshd[30982]: pam_unix(sshd:auth):
>> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
>> rhost=89.37.193.207 user=root
>> *2025-10-14 00:09*.*Categories:* Brute-Force.
>> *Comment:* list.rtbh.com.tr report: tcp/0
>> *2025-10-14 00:03*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-14T01:01:24.927142+01:00 miku.zit.at sshd[1356788]:
>> Failed password for invalid user vpnuser1 from 89.37.193.207 port 47330
>> ssh2 2025-10-14T01:02:29.001717+01:00 miku.zit.at sshd[1356951]: Invalid
>> user admin from 89.37.193.207 port 52188 2025-10-14T01:02:29.010105+01:00
>> miku.zit.at sshd[1356951]: pam_unix(sshd:auth): authentication failure;
>> logname= uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207
>> 2025-10-14T01:02:31.155472+01:00 miku.zit.at sshd[1356951]: Failed
>> password for invalid user admin from 89.37.193.207 port 52188 ssh2
>> 2025-10-14T01:03:32.896194+01:00 miku.zit.at sshd[1357120]: Invalid user
>> ilaria from 89.37.193.207 port 38106 …
>> *2025-10-13 23:45*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-14T00:43:34.553495+01:00 miku.zit.at sshd[1353750]:
>> Failed password for invalid user lucas from 89.37.193.207 port 41858 ssh2
>> 2025-10-14T00:44:49.104608+01:00 miku.zit.at sshd[1354044]: Invalid user
>> rootftp from 89.37.193.207 port 49114 2025-10-14T00:44:49.107864+01:00
>> miku.zit.at sshd[1354044]: pam_unix(sshd:auth): authentication failure;
>> logname= uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207
>> 2025-10-14T00:44:51.066765+01:00 miku.zit.at sshd[1354044]: Failed
>> password for invalid user rootftp from 89.37.193.207 port 49114 ssh2
>> 2025-10-14T00:45:55.942326+01:00 miku.zit.at sshd[1354241]: Invalid user
>> ubuntu from 89.37.193.207 port 35812 …
>> *2025-10-13 23:03*.*Categories:* SSH.
>> *Comment:* 2025-10-14T00:01:17.994741+01:00 hostvu2 sshd[3125502]:
>> Failed password for root from 89.37.193.207 port 42162 ssh2
>> 2025-10-14T00:02:29.847326+01:00 hostvu2 sshd[3125540]:
>> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
>> ruser= rhost=89.37.193.207 user=root 2025-10-14T00:02:31.777500+01:00
>> hostvu2 sshd[3125540]: Failed password for root from 89.37.193.207 port
>> 54076 ssh2 2025-10-14T00:03:45.147983+01:00 hostvu2 sshd[3127863]:
>> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
>> ruser= rhost=89.37.193.207 user=root 2025-10-14T00:03:47.851966+01:00
>> hostvu2 sshd[3127863]: Failed password for root from 89.37.193.207 port
>> 33766 ssh2 …
>> *2025-10-13 22:54*.*Categories:* Brute-Force, SSH.
>> *Comment:* Oct 13 22:50:18 raspberrypi sshd[14337]: Invalid user bodega
>> from 89.37.193.207 port 34100 Oct 13 22:51:29 raspberrypi sshd[14356]:
>> Invalid user Azure from 89.37.193.207 port 34028 Oct 13 22:52:41
>> raspberrypi sshd[14404]: Invalid user uftp from 89.37.193.207 port 43912
>> Oct 13 22:53:49 raspberrypi sshd[14454]: Invalid user regionalci from
>> 89.37.193.207 port 38190 Oct 13 22:54:58 raspberrypi sshd[14478]: Invalid
>> user anti from 89.37.193.207 port 39212 …
>> *2025-10-13 22:39*.*Categories:* Brute-Force, SSH.
>> *Comment:* Oct 13 22:35:10 raspberrypi sshd[13876]: Invalid user cy from
>> 89.37.193.207 port 43112 Oct 13 22:36:18 raspberrypi sshd[13907]: Invalid
>> user mohit from 89.37.193.207 port 54898 Oct 13 22:37:27 raspberrypi
>> sshd[13962]: Invalid user scott from 89.37.193.207 port 47960 Oct 13
>> 22:38:40 raspberrypi sshd[14001]: Invalid user david from 89.37.193.207
>> port 56820 Oct 13 22:39:50 raspberrypi sshd[14025]: Invalid user matin from
>> 89.37.193.207 port 39200 …
>> *2025-10-13 22:24*.*Categories:* Brute-Force, SSH.
>> *Comment:* Oct 13 22:16:30 raspberrypi sshd[13334]: Invalid user mpp
>> from 89.37.193.207 port 55076 Oct 13 22:20:02 raspberrypi sshd[13428]:
>> Invalid user newuser from 89.37.193.207 port 60068 Oct 13 22:22:20
>> raspberrypi sshd[13521]: Invalid user ftpuser from 89.37.193.207 port 41784
>> Oct 13 22:23:28 raspberrypi sshd[13566]: Invalid user super from
>> 89.37.193.207 port 51686 Oct 13 22:24:36 raspberrypi sshd[13616]: Invalid
>> user victor from 89.37.193.207 port 45488 …
>> *2025-10-13 22:22*.*Categories:* Brute-Force, SSH.
>> *Comment:* Fail2ban Triggered
>> *2025-10-13 22:18*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-14T11:16:09.504177+13:00 dara sshd[2963963]:
>> Disconnected from invalid user mpp 89.37.193.207 port 40546 [preauth]
>> 2025-10-14T11:18:37.495269+13:00 dara sshd[2964206]: Connection from
>> 89.37.193.207 port 37962 on 135.181.182.173 port 22 rdomain ""
>> 2025-10-14T11:18:37.738642+13:00 dara sshd[2964206]: pam_unix(sshd:auth):
>> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
>> rhost=89.37.193.207 user=root 2025-10-14T11:18:39.671832+13:00 dara
>> sshd[2964206]: Failed password for root from 89.37.193.207 port 37962 ssh2
>> 2025-10-14T11:18:39.892794+13:00 dara sshd[2964206]: Disconnected from
>> authenticating user root 89.37.193.207 port 37962 [preauth] …
>> *2025-10-13 21:39*.*Categories:* Brute-Force, SSH.
>> *Comment:* SSH auth scanning — multiple failed logins
>> *2025-10-13 21:38*.*Categories:* Brute-Force, SSH.
>> *Comment:*
>> *2025-10-13 21:36*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-14T03:33:55.782333+06:00 ubuntu sshd[186921]: Failed
>> password for root from 89.37.193.207 port 49848 ssh2
>> 2025-10-14T03:36:21.214638+06:00 ubuntu sshd[186956]: Invalid user ld from
>> 89.37.193.207 port 40478 …
>> *2025-10-13 21:35*.*Categories:* Brute-Force, SSH.
>> *Comment:* Oct 13 21:31:45 au-mirror sshd[1205907]: Failed password for
>> root from 89.37.193.207 port 46092 ssh2 Oct 13 21:35:43 au-mirror
>> sshd[1205948]: Invalid user ld from 89.37.193.207 port 53614 …
>> *2025-10-13 21:27*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-13T21:21:52.723697+00:00 ingereck.net sshd[1385418]:
>> Invalid user nandan from 89.37.193.207 port 34336
>> 2025-10-13T21:23:20.479685+00:00 ingereck.net sshd[1385431]: Invalid
>> user sajjad from 89.37.193.207 port 44428 2025-10-13T21:24:44.159894+00:00
>> ingereck.net sshd[1385440]: Invalid user adu from 89.37.193.207 port
>> 35366 2025-10-13T21:26:07.555647+00:00 ingereck.net sshd[1385460]:
>> Invalid user hamza from 89.37.193.207 port 39186
>> 2025-10-13T21:27:34.980048+00:00 ingereck.net sshd[1385476]: Invalid
>> user ftpuser from 89.37.193.207 port 55532 …
>> *2025-10-13 21:15*.*Categories:* Brute-Force, SSH.
>> *Comment:* Oct 13 23:14:05 portfolio-web sshd[1981429]:
>> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
>> ruser= rhost=89.37.193.207 user=root Oct 13 23:14:07 portfolio-web
>> sshd[1981429]: Failed password for root from 89.37.193.207 port 42336 ssh2
>> Oct 13 23:15:34 portfolio-web sshd[1981440]: Invalid user profe from
>> 89.37.193.207 port 51760 Oct 13 23:15:34 portfolio-web sshd[1981440]:
>> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
>> ruser= rhost=89.37.193.207 Oct 13 23:15:37 portfolio-web sshd[1981440]:
>> Failed password for invalid user profe from 89.37.193.207 port 51760 ssh2
>> …
>> *2025-10-13 21:11*.*Categories:* Brute-Force, SSH.
>> *Comment:* Oct 13 23:10:07 odin sshd[3777]: pam_unix(sshd:auth):
>> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
>> rhost=89.37.193.207 Oct 13 23:10:09 odin sshd[3777]: Failed password for
>> invalid user zhang from 89.37.193.207 port 40946 ssh2 Oct 13 23:11:33 odin
>> sshd[4332]: Failed password for root from 89.37.193.207 port 46218 ssh2
>> *2025-10-13 21:10*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-13T21:04:46.985799+00:00 ingereck.net sshd[1385008]:
>> Invalid user gabby from 89.37.193.207 port 50564
>> 2025-10-13T21:06:07.183553+00:00 ingereck.net sshd[1385033]: Invalid
>> user rr from 89.37.193.207 port 55822 2025-10-13T21:07:32.012782+00:00
>> ingereck.net sshd[1385056]: Invalid user sean from 89.37.193.207 port
>> 44860 2025-10-13T21:08:59.833317+00:00 ingereck.net sshd[1385094]:
>> Invalid user sepehr from 89.37.193.207 port 46342
>> 2025-10-13T21:10:26.179617+00:00 ingereck.net sshd[1385203]: Invalid
>> user zhang from 89.37.193.207 port 35634 …
>> *2025-10-13 20:53*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-13T20:42:54.124110+00:00 ingereck.net sshd[1384644]:
>> Invalid user zain from 89.37.193.207 port 51076
>> 2025-10-13T20:49:03.581891+00:00 ingereck.net sshd[1384707]: Invalid
>> user g from 89.37.193.207 port 34312 2025-10-13T20:50:30.112025+00:00
>> ingereck.net sshd[1384742]: Invalid user ftptest from 89.37.193.207 port
>> 53042 2025-10-13T20:51:53.410638+00:00 ingereck.net sshd[1384770]:
>> Invalid user chenhui from 89.37.193.207 port 58420
>> 2025-10-13T20:53:14.679462+00:00 ingereck.net sshd[1384791]: Invalid
>> user luciano from 89.37.193.207 port 42216 …
>> *2025-10-13 20:47*.*Categories:* Brute-Force, SSH.
>> *Comment:* Oct 13 22:44:35 portfolio-web sshd[1980958]:
>> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
>> ruser= rhost=89.37.193.207 user=root Oct 13 22:44:37 portfolio-web
>> sshd[1980958]: Failed password for root from 89.37.193.207 port 36128 ssh2
>> Oct 13 22:45:51 portfolio-web sshd[1980997]: pam_unix(sshd:auth):
>> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
>> rhost=89.37.193.207 user=root Oct 13 22:45:53 portfolio-web sshd[1980997]:
>> Failed password for root from 89.37.193.207 port 54166 ssh2 Oct 13 22:47:06
>> portfolio-web sshd[1981010]: Invalid user admin from 89.37.193.207 port
>> 39594 …
>> *2025-10-13 20:44*.*Categories:* Brute-Force, SSH.
>> *Comment:* Oct 13 22:42:00 odin sshd[28374]: pam_unix(sshd:auth):
>> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
>> rhost=89.37.193.207 Oct 13 22:42:01 odin sshd[28374]: Failed password for
>> invalid user zain from 89.37.193.207 port 37104 ssh2 Oct 13 22:44:51 odin
>> sshd[28673]: Failed password for root from 89.37.193.207 port 42654 ssh2
>> *2025-10-13 20:43*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-13T22:43:03.650933+02:00 meet sshd-session[44495]:
>> Invalid user zain from 89.37.193.207 port 33708 …
>> *2025-10-13 20:10*.*Categories:* Brute-Force.
>> *Comment:* list.rtbh.com.tr report: tcp/0
>> *2025-10-13 19:56*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-13T21:53:18.889098+02:00 fra-GW01 sshd[1548854]:
>> Failed password for invalid user sk from 89.37.193.207 port 45546 ssh2
>> 2025-10-13T21:56:49.841119+02:00 fra-GW01 sshd[1549002]:
>> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
>> ruser= rhost=89.37.193.207 user=root 2025-10-13T21:56:52.108571+02:00
>> fra-GW01 sshd[1549002]: Failed password for root from 89.37.193.207 port
>> 60274 ssh2 …
>> *2025-10-13 19:51*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-13T20:49:34.108013+01:00 miku.zit.at sshd[1308998]:
>> Failed password for invalid user test01 from 89.37.193.207 port 34616 ssh2
>> 2025-10-13T20:50:42.444459+01:00 miku.zit.at sshd[1309268]: Invalid user
>> ubuntu from 89.37.193.207 port 36268 2025-10-13T20:50:42.451827+01:00
>> miku.zit.at sshd[1309268]: pam_unix(sshd:auth): authentication failure;
>> logname= uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207
>> 2025-10-13T20:50:44.001939+01:00 miku.zit.at sshd[1309268]: Failed
>> password for invalid user ubuntu from 89.37.193.207 port 36268 ssh2
>> 2025-10-13T20:51:55.164154+01:00 miku.zit.at sshd[1309468]: Invalid user
>> a from 89.37.193.207 port 49630 …
>> *2025-10-13 19:43*.*Categories:* Brute-Force, SSH.
>> *Comment:* Invalid user botuser from 89.37.193.207 port 38610
>> *2025-10-13 19:41*.*Categories:* Brute-Force, SSH.
>> *Comment:* Invalid user botuser from 89.37.193.207 port 43654
>> *2025-10-13 19:34*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-13T20:31:58.469411+01:00 miku.zit.at sshd[1306099]:
>> Failed password for invalid user ubuntu from 89.37.193.207 port 34504 ssh2
>> 2025-10-13T20:33:07.226387+01:00 miku.zit.at sshd[1306272]: Invalid user
>> admin1 from 89.37.193.207 port 45574 2025-10-13T20:33:07.233832+01:00
>> miku.zit.at sshd[1306272]: pam_unix(sshd:auth): authentication failure;
>> logname= uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207
>> 2025-10-13T20:33:09.621530+01:00 miku.zit.at sshd[1306272]: Failed
>> password for invalid user admin1 from 89.37.193.207 port 45574 ssh2
>> 2025-10-13T20:34:17.752363+01:00 miku.zit.at sshd[1306445]: Invalid user
>> dev from 89.37.193.207 port 50586 …
>> *2025-10-13 19:16*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-13T20:14:21.012027+01:00 miku.zit.at sshd[1302866]:
>> Failed password for invalid user sammy from 89.37.193.207 port 35894 ssh2
>> 2025-10-13T20:15:40.340252+01:00 miku.zit.at sshd[1303158]: Invalid user
>> dockeruser from 89.37.193.207 port 42818 2025-10-13T20:15:40.347792+01:00
>> miku.zit.at sshd[1303158]: pam_unix(sshd:auth): authentication failure;
>> logname= uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207
>> 2025-10-13T20:15:42.665646+01:00 miku.zit.at sshd[1303158]: Failed
>> password for invalid user dockeruser from 89.37.193.207 port 42818 ssh2
>> 2025-10-13T20:16:51.791041+01:00 miku.zit.at sshd[1303597]: Invalid user
>> steam from 89.37.193.207 port 39840 …
>> *2025-10-13 19:16*.*Categories:* Brute-Force, SSH.
>> *Comment:* Log Entry: 2025-10-13T19:12:23241 abuse sshd[1130709]:
>> Invalid user sammy from 89.37.193.207 port 40508 Log Entry:
>> 2025-10-13T19:15:06935 abuse sshd[1130931]: Invalid user dockeruser from
>> 89.37.193.207 port 49254 Log Entry: 2025-10-13T19:16:19149 abuse
>> sshd[1131010]: Invalid user steam from 89.37.193.207 port 45134 Log Entry:
>> …
>> *2025-10-13 19:15*.*Categories:* Brute-Force, Web App Attack,
>> SSH.
>> *Comment:* Default ban by fail2ban
>> *2025-10-13 19:12*.*Categories:* Brute-Force, SSH.
>> *Comment:* $f2bV_matches
>> *2025-10-13 19:10*.*Categories:* Port Scan, Hacking,
>> Brute-Force, Exploited Host, Web App Attack.
>> *Comment:* 2025-10-14T00:40:35.835038localhost sshd[1525019]: Invalid
>> user sammy from 89.37.193.207 port 33268 …
>> *2025-10-13 18:00*.*Categories:* Brute-Force, SSH.
>> *Comment:* SSH abuse or brute-force attack detected by Fail2Ban in ssh
>> jail
>> *2025-10-13 17:46*.*Categories:* Brute-Force, SSH.
>> *Comment:* (sshd) Failed SSH login from 89.37.193.207 (RU/Russia/-): 5
>> in the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: Oct
>> 13 12:41:23 15806 sshd[25820]: Invalid user ray from 89.37.193.207 port
>> 55818 Oct 13 12:41:25 15806 sshd[25820]: Failed password for invalid user
>> ray from 89.37.193.207 port 55818 ssh2 Oct 13 12:45:11 15806 sshd[26212]:
>> Invalid user work from 89.37.193.207 port 44804 Oct 13 12:45:13 15806
>> sshd[26212]: Failed password for invalid user work from 89.37.193.207 port
>> 44804 ssh2 Oct 13 12:46:31 15806 sshd[26321]: Invalid user alin from
>> 89.37.193.207 port 53842
>> *2025-10-13 17:46*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-13T13:44:01.215982 tlgy-node1 sshd[2782300]:
>> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
>> ruser= rhost=89.37.193.207 2025-10-13T13:44:03.283761 tlgy-node1
>> sshd[2782300]: Failed password for invalid user ray from 89.37.193.207 port
>> 53986 ssh2 2025-10-13T13:46:03.500386 tlgy-node1 sshd[2782792]: Invalid
>> user work from 89.37.193.207 port 42524 …
>> *2025-10-13 17:45*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-13T17:43:20.037810+00:00 edge-fra-2.senko.network
>> sshd[3886852]: Invalid user ray from 89.37.193.207 port 60708
>> 2025-10-13T17:45:46.129653+00:00 edge-fra-2.senko.network sshd[3886948]:
>> Invalid user work from 89.37.193.207 port 34444 …
>> *2025-10-13 16:54*.*Categories:* Brute-Force, SSH.
>> *Comment:* (sshd) Failed SSH login from 89.37.193.207 (RU/Russia/-): 5
>> in the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: Oct
>> 13 11:51:22 14153 sshd[26867]: Invalid user aria from 89.37.193.207 port
>> 60374 Oct 13 11:51:24 14153 sshd[26867]: Failed password for invalid user
>> aria from 89.37.193.207 port 60374 ssh2 Oct 13 11:53:24 14153 sshd[27029]:
>> Invalid user ftpuser from 89.37.193.207 port 46416 Oct 13 11:53:26 14153
>> sshd[27029]: Failed password for invalid user ftpuser from 89.37.193.207
>> port 46416 ssh2 Oct 13 11:54:46 14153 sshd[27121]: Invalid user testuser
>> from 89.37.193.207 port 52554
>> *2025-10-13 16:53*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-13T18:51:46.186028+02:00 fra-GW01 sshd[1537946]:
>> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
>> ruser= rhost=89.37.193.207 2025-10-13T18:51:47.536668+02:00 fra-GW01
>> sshd[1537946]: Failed password for invalid user aria from 89.37.193.207
>> port 46728 ssh2 2025-10-13T18:53:34.406193+02:00 fra-GW01 sshd[1538132]:
>> Invalid user ftpuser from 89.37.193.207 port 37544 …
>> *2025-10-13 16:53*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-13T11:50:13.148302-05:00 ip-172-31-76-241
>> sshd[983557]: Invalid user aria from 89.37.193.207 port 37084
>> 2025-10-13T11:50:13.288730-05:00 ip-172-31-76-241 sshd[983557]:
>> Disconnected from invalid user aria 89.37.193.207 port 37084 [preauth]
>> 2025-10-13T11:52:59.900891-05:00 ip-172-31-76-241 sshd[1023332]: Invalid
>> user ftpuser from 89.37.193.207 port 48958 …
>> *2025-10-13 16:10*.*Categories:* Brute-Force, SSH.
>> *Comment:* Oct 13 17:06:01 ipmi sshd[40953]: Disconnected from
>> authenticating user root 89.37.193.207 port 34670 [preauth] Oct 13 17:09:08
>> ipmi sshd[41150]: pam_unix(sshd:auth): authentication failure; logname=
>> uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207 user=root Oct 13 17:09:10
>> ipmi sshd[41150]: Failed password for root from 89.37.193.207 port 36750
>> ssh2 Oct 13 17:09:10 ipmi sshd[41150]: Disconnected from authenticating
>> user root 89.37.193.207 port 36750 [preauth] Oct 13 17:10:27 ipmi
>> sshd[41256]: Invalid user botuser from 89.37.193.207 port 60782 …
>> *2025-10-13 16:05*.*Categories:* Brute-Force, SSH.
>> *Comment:* 89.37.193.207 (RU/Russia/-), 5 distributed sshd attacks on
>> account [root] in the last 3600 secs; Ports: *; Direction: 1; Trigger:
>> LF_DISTATTACK; Logs: Oct 13 11:05:48 12389 sshd[28715]:
>> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
>> ruser= rhost=89.37.193.207 user=root Oct 13 10:31:48 12389 sshd[26052]:
>> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
>> ruser= rhost=119.255.245.44 user=root Oct 13 10:31:50 12389 sshd[26052]:
>> Failed password for root from 119.255.245.44 port 46722 ssh2 Oct 13
>> 11:05:08 12389 sshd[28692]: pam_unix(sshd:auth): authentication failure;
>> logname= uid=0 euid=0 tty=ssh ruser= rhost=212.19.117.204 user=root Oct 13
>> 11:05:10 12389 sshd[28692]: Failed password for root from 212.19.117.204
>> port 41447 ssh2 IP Addresses Blocked:
>> *2025-10-13 15:59*.*Categories:* Brute-Force, SSH.
>> *Comment:* Oct 13 18:58:19 www sshd[18514]: Invalid user devops from
>> 89.37.193.207 Oct 13 18:58:21 www sshd[18514]: Failed password for invalid
>> user devops from 89.37.193.207 port 42728 ssh2 Oct 13 18:59:30 www
>> sshd[18538]: Invalid user becky from 89.37.193.207 …
>> *2025-10-13 15:55*.*Categories:* Brute-Force, SSH.
>> *Comment:* Oct 13 17:52:57 m2048 sshd[3963318]: Invalid user sonarr from
>> 89.37.193.207 port 60364 Oct 13 17:52:59 m2048 sshd[3963318]: Failed
>> password for invalid user sonarr from 89.37.193.207 port 60364 ssh2 Oct 13
>> 17:54:12 m2048 sshd[3963423]: pam_unix(sshd:auth): authentication failure;
>> logname= uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207 user=root Oct 13
>> 17:54:14 m2048 sshd[3963423]: Failed password for root from 89.37.193.207
>> port 57376 ssh2 Oct 13 17:55:26 m2048 sshd[3963545]: Invalid user rana from
>> 89.37.193.207 port 45944 …
>> *2025-10-13 15:42*.*Categories:* Brute-Force, SSH.
>> *Comment:* Oct 13 18:41:15 www sshd\[18163\]: Invalid user adnan from
>> 89.37.193.207Oct 13 18:41:18 www sshd\[18163\]: Failed password for invalid
>> user adnan from 89.37.193.207 port 33416 ssh2Oct 13 18:42:26 www
>> sshd\[18186\]: Invalid user summer from 89.37.193.207 …
>> *2025-10-13 15:29*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-13T17:26:04.364860+02:00 ns402 sshd[1629988]: Failed
>> password for invalid user backend from 89.37.193.207 port 36972 ssh2
>> 2025-10-13T17:26:04.496363+02:00 ns402 sshd[1629988]: Disconnected from
>> invalid user backend 89.37.193.207 port 36972 [preauth]
>> 2025-10-13T17:27:20.957910+02:00 ns402 sshd[1630266]: Invalid user sean
>> from 89.37.193.207 port 56424 2025-10-13T17:27:20.972437+02:00 ns402
>> sshd[1630266]: pam_unix(sshd:auth): authentication failure; logname= uid=0
>> euid=0 tty=ssh ruser= rhost=89.37.193.207 2025-10-13T17:27:22.851067+02:00
>> ns402 sshd[1630266]: Failed password for invalid user sean from
>> 89.37.193.207 port 56424 ssh2 2025-10-13T17:27:22.921966+02:00 ns402
>> sshd[1630266]: Disconnected from invalid user sean 89.37.193.207 port 56424
>> [preauth] 2025-10-13T17:28:34.034136+02:00 ns402 sshd[1630506]:
>> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
>> ruser= rhost=89.37.193.207 user=root 2025-10-13T17:28:35.602252+02:00 ns402
>> sshd[1630506]: Failed pas …
>> *2025-10-13 15:27*.*Categories:* Brute-Force, SSH.
>> *Comment:* Oct 13 17:26:11 m2048 sshd[3962079]: Failed password for
>> invalid user backend from 89.37.193.207 port 56022 ssh2 Oct 13 17:27:27
>> m2048 sshd[3962096]: Invalid user sean from 89.37.193.207 port 53662 Oct 13
>> 17:27:27 m2048 sshd[3962096]: pam_unix(sshd:auth): authentication failure;
>> logname= uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207 Oct 13 17:27:27
>> m2048 sshd[3962096]: Invalid user sean from 89.37.193.207 port 53662 Oct 13
>> 17:27:29 m2048 sshd[3962096]: Failed password for invalid user sean from
>> 89.37.193.207 port 53662 ssh2 …
>> *2025-10-13 15:25*.*Categories:* Brute-Force, SSH.
>> *Comment:* Oct 13 18:20:25 www sshd\[17740\]: Failed password for root
>> from 89.37.193.207 port 40482 ssh2Oct 13 18:25:18 www sshd\[17843\]:
>> Invalid user backend from 89.37.193.207Oct 13 18:25:20 www sshd\[17843\]:
>> Failed password for invalid user backend from 89.37.193.207 port 51508 ssh2
>> …
>> *2025-10-13 15:25*.*Categories:* SSH.
>> *Comment:* Oct 13 16:25:02 l03 sshd[3278]: Invalid user backend from
>> 89.37.193.207 port 36152 …
>> *2025-10-13 15:19*.*Categories:* Brute-Force, SSH.
>> *Comment:* 89.37.193.207 (RU/Russia/-), 5 distributed sshd attacks on
>> account [root] in the last 3600 secs; Ports: *; Direction: 1; Trigger:
>> LF_DISTATTACK; Logs: Oct 13 10:06:31 14106 sshd[14192]:
>> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
>> ruser= rhost=78.89.154.59 user=root Oct 13 10:06:33 14106 sshd[14192]:
>> Failed password for root from 78.89.154.59 port 34944 ssh2 Oct 13 10:02:43
>> 14106 sshd[13828]: pam_unix(sshd:auth): authentication failure; logname=
>> uid=0 euid=0 tty=ssh ruser= rhost=79.116.71.204 user=root Oct 13 10:19:45
>> 14106 sshd[15215]: pam_unix(sshd:auth): authentication failure; logname=
>> uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207 user=root Oct 13 10:19:46
>> 14106 sshd[15215]: Failed password for root from 89.37.193.207 port 33682
>> ssh2 IP Addresses Blocked: 78.89.154.59 (KW/Kuwait/-) 79.116.71.204
>> (ES/Spain/79-116-71-204.digimobil.es)
>> *2025-10-13 14:37*.*Categories:* Brute-Force, SSH.
>> *Comment:* 89.37.193.207 (RU/Russia/-), 5 distributed sshd attacks on
>> account [root] in the last 3600 secs; Ports: *; Direction: 1; Trigger:
>> LF_DISTATTACK; Logs: Oct 13 09:35:52 16988 sshd[23185]:
>> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
>> ruser= rhost=162.144.85.107 user=root Oct 13 09:35:53 16988 sshd[23185]:
>> Failed password for root from 162.144.85.107 port 54846 ssh2 Oct 13
>> 09:15:51 16988 sshd[21679]: pam_unix(sshd:auth): authentication failure;
>> logname= uid=0 euid=0 tty=ssh ruser= rhost=103.136.106.74 user=root Oct 13
>> 09:15:53 16988 sshd[21679]: Failed password for root from 103.136.106.74
>> port 49814 ssh2 Oct 13 09:37:06 16988 sshd[23324]: pam_unix(sshd:auth):
>> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
>> rhost=89.37.193.207 user=root IP Addresses Blocked: 162.144.85.107
>> (US/United States/162-144-85-107.unifiedlayer.com) 103.136.106.74
>> (BD/Bangladesh/-)
>> *2025-10-13 14:36*.*Categories:* Port Scan.
>> *Comment:* ports, 22/24H:1/7D:1
>> *2025-10-13 13:57*.*Categories:* Brute-Force, SSH.
>> *Comment:* Oct 13 13:54:33 ubuntu sshd[1495434]: Failed password for
>> root from 89.37.193.207 port 46814 ssh2 Oct 13 13:55:51 ubuntu
>> sshd[1495479]: pam_unix(sshd:auth): authentication failure; logname= uid=0
>> euid=0 tty=ssh ruser= rhost=89.37.193.207 user=root Oct 13 13:55:54 ubuntu
>> sshd[1495479]: Failed password for root from 89.37.193.207 port 45450 ssh2
>> Oct 13 13:57:12 ubuntu sshd[1495481]: pam_unix(sshd:auth): authentication
>> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207 user=root
>> Oct 13 13:57:14 ubuntu sshd[1495481]: Failed password for root from
>> 89.37.193.207 port 36318 ssh2 …
>> *2025-10-13 13:53*.*Categories:* Brute-Force, SSH.
>> *Comment:* (sshd) Failed SSH login from 89.37.193.207 (RU/Russia/-): 5
>> in the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: Oct
>> 13 08:48:15 18800 sshd[5177]: pam_unix(sshd:auth): authentication failure;
>> logname= uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207 user=root Oct 13
>> 08:48:17 18800 sshd[5177]: Failed password for root from 89.37.193.207 port
>> 59244 ssh2 Oct 13 08:52:11 18800 sshd[5483]: pam_unix(sshd:auth):
>> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
>> rhost=89.37.193.207 user=root Oct 13 08:52:13 18800 sshd[5483]: Failed
>> password for root from 89.37.193.207 port 37308 ssh2 Oct 13 08:53:36 18800
>> sshd[5563]: pam_unix(sshd:auth): authentication failure; logname= uid=0
>> euid=0 tty=ssh ruser= rhost=89.37.193.207 user=root
>> *2025-10-13 13:50*.*Categories:* Port Scan, Brute-Force, SSH.
>> *Comment:* Port probe to tcp/22 (ssh) [srv124]
>> *2025-10-13 12:37*.*Categories:* Brute-Force.
>> *Comment:* $f2bV_matches
>> *2025-10-13 12:31*.*Categories:* Brute-Force, Web App Attack,
>> SSH.
>> *Comment:* Automatic Reporting — Brute Force Attempts
>> *2025-10-13 12:27*.*Categories:* Brute-Force, SSH.
>> *Comment:* (sshd) Failed SSH login from 89.37.193.207 (RU/Russia/-): 5
>> in the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: Oct
>> 13 07:24:25 14113 sshd[19528]: Invalid user www from 89.37.193.207 port
>> 41110 Oct 13 07:24:26 14113 sshd[19528]: Failed password for invalid user
>> www from 89.37.193.207 port 41110 ssh2 Oct 13 07:26:15 14113 sshd[19819]:
>> Invalid user zenith from 89.37.193.207 port 41454 Oct 13 07:26:17 14113
>> sshd[19819]: Failed password for invalid user zenith from 89.37.193.207
>> port 41454 ssh2 Oct 13 07:27:43 14113 sshd[20015]: Invalid user pippo from
>> 89.37.193.207 port 39566
>> *2025-10-13 12:27*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-13T05:23:56.977096-07:00 dmit-vm-pro-plamspring-lax
>> sshd[764308]: Invalid user www from 89.37.193.207 port 35832
>> 2025-10-13T05:26:04.546496-07:00 dmit-vm-pro-plamspring-lax sshd[764331]:
>> Invalid user zenith from 89.37.193.207 port 50244
>> 2025-10-13T05:27:33.163463-07:00 dmit-vm-pro-plamspring-lax sshd[764360]:
>> Invalid user pippo from 89.37.193.207 port 55012 …
>> *2025-10-13 12:21*.*Categories:* Brute-Force, SSH.
>> *Comment:* Oct 13 12:21:35 Sildom2 sshd[1229482]: pam_unix(sshd:auth):
>> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
>> rhost=89.37.193.207 Oct 13 12:21:37 Sildom2 sshd[1229482]: Failed password
>> for invalid user www from 89.37.193.207 port 40774 ssh2 …
>> *2025-10-13 11:43*.*Categories:* Hacking, Brute-Force, SSH.
>> *Comment:* Oct 13 11:40:42 lewisgillcom sshd[3459673]: Failed password
>> for invalid user nominatim from 89.37.193.207 port 57956 ssh2 Oct 13
>> 11:42:07 lewisgillcom sshd[3460070]: Invalid user admin1 from 89.37.193.207
>> port 52242 Oct 13 11:42:07 lewisgillcom sshd[3460070]: pam_unix(sshd:auth):
>> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
>> rhost=89.37.193.207 Oct 13 11:42:09 lewisgillcom sshd[3460070]: Failed
>> password for invalid user admin1 from 89.37.193.207 port 52242 ssh2 Oct 13
>> 11:43:27 lewisgillcom sshd[3460272]: Invalid user csgoserver from
>> 89.37.193.207 port 42234 …
>> *2025-10-13 11:43*.*Categories:* Brute-Force, SSH.
>> *Comment:* (sshd) Failed SSH login from 89.37.193.207 (RU/Russia/-): 5
>> in the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: Oct
>> 13 06:39:32 16144 sshd[17009]: Invalid user nominatim from 89.37.193.207
>> port 54152 Oct 13 06:39:34 16144 sshd[17009]: Failed password for invalid
>> user nominatim from 89.37.193.207 port 54152 ssh2 Oct 13 06:41:46 16144
>> sshd[17161]: Invalid user admin1 from 89.37.193.207 port 36398 Oct 13
>> 06:41:48 16144 sshd[17161]: Failed password for invalid user admin1 from
>> 89.37.193.207 port 36398 ssh2 Oct 13 06:43:07 16144 sshd[17285]: Invalid
>> user csgoserver from 89.37.193.207 port 55238
>> *2025-10-13 11:42*.*Categories:* Brute-Force, SSH.
>> *Comment:* Oct 13 13:38:39 main1 sshd[1259360]: Invalid user nominatim
>> from 89.37.193.207 port 40834 Oct 13 13:41:28 main1 sshd[1259795]: Invalid
>> user admin1 from 89.37.193.207 port 57314 Oct 13 13:42:49 main1
>> sshd[1260121]: Invalid user csgoserver from 89.37.193.207 port 37792 …
>> *2025-10-13 11:42*.*Categories:* Brute-Force, SSH.
>> *Comment:* Oct 13 13:37:51 bonsai sshd[13617]: Invalid user nominatim
>> from 89.37.193.207 Oct 13 13:41:12 bonsai sshd[24278]: Invalid user admin1
>> from 89.37.193.207 Oct 13 13:42:32 bonsai sshd[24462]: Invalid user
>> csgoserver from 89.37.193.207 …
>> *2025-10-13 11:41*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-13T11:39:11.931093+00:00 nextcloud sshd[1631196]:
>> Failed password for invalid user nominatim from 89.37.193.207 port 49502
>> ssh2 2025-10-13T11:41:38.303284+00:00 nextcloud sshd[1631425]: Invalid user
>> admin1 from 89.37.193.207 port 52414 2025-10-13T11:41:38.310137+00:00
>> nextcloud sshd[1631425]: pam_unix(sshd:auth): authentication failure;
>> logname= uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207
>> 2025-10-13T11:41:40.109331+00:00 nextcloud sshd[1631425]: Failed password
>> for invalid user admin1 from 89.37.193.207 port 52414 ssh2 …
>> *2025-10-13 11:41*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-13T11:39:08.746220+00:00 polaris sshd[1089930]:
>> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
>> ruser= rhost=89.37.193.207 2025-10-13T11:39:10.274378+00:00 polaris
>> sshd[1089930]: Failed password for invalid user nominatim from
>> 89.37.193.207 port 60026 ssh2 2025-10-13T11:41:38.011958+00:00 polaris
>> sshd[1090216]: Invalid user admin1 from 89.37.193.207 port 46032 …
>> *2025-10-13 10:53*.*Categories:* Brute-Force, SSH.
>> *Comment:* (sshd) Failed SSH login from 89.37.193.207 (RU/Russia/-): 5
>> in the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: Oct
>> 13 05:49:26 15423 sshd[16111]: Invalid user huawei from 89.37.193.207 port
>> 49750 Oct 13 05:49:28 15423 sshd[16111]: Failed password for invalid user
>> huawei from 89.37.193.207 port 49750 ssh2 Oct 13 05:51:40 15423
>> sshd[16269]: Invalid user ark from 89.37.193.207 port 54154 Oct 13 05:51:42
>> 15423 sshd[16269]: Failed password for invalid user ark from 89.37.193.207
>> port 54154 ssh2 Oct 13 05:53:00 15423 sshd[16352]: Invalid user ahsan from
>> 89.37.193.207 port 37726
>> *2025-10-13 10:50*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-13T12:50:36.548121+02:00 main sshd[520550]: Invalid
>> user huawei from 89.37.193.207 port 57578 …
>> *2025-10-13 10:27*.*Categories:* Brute-Force, SSH.
>> *Comment:* Oct 13 12:26:21 pegasus sshd[2728847]: pam_unix(sshd:auth):
>> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
>> rhost=89.37.193.207 user=root Oct 13 12:26:23 pegasus sshd[2728847]: Failed
>> password for root from 89.37.193.207 port 42138 ssh2 Oct 13 12:27:38
>> pegasus sshd[2729057]: Invalid user geek from 89.37.193.207 port 49092 Oct
>> 13 12:27:38 pegasus sshd[2729057]: pam_unix(sshd:auth): authentication
>> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207 Oct 13
>> 12:27:39 pegasus sshd[2729057]: Failed password for invalid user geek from
>> 89.37.193.207 port 49092 ssh2
>> *2025-10-13 10:05*.*Categories:* Brute-Force, SSH.
>> *Comment:* CrowdSec engine detected malicious behavior. Scenario
>> ‘crowdsecurity/ssh-slow-bf’ triggered with 17 events.
>> *2025-10-13 10:03*.*Categories:* Brute-Force, SSH.
>> *Comment:* (sshd) Failed SSH login from 89.37.193.207 (RU/Russia/-): 5
>> in the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: Oct
>> 13 04:59:23 15486 sshd[23741]: pam_unix(sshd:auth): authentication failure;
>> logname= uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207 user=nginx Oct 13
>> 04:59:25 15486 sshd[23741]: Failed password for nginx from 89.37.193.207
>> port 53238 ssh2 Oct 13 05:02:11 15486 sshd[24004]: Invalid user runner from
>> 89.37.193.207 port 38870 Oct 13 05:02:13 15486 sshd[24004]: Failed password
>> for invalid user runner from 89.37.193.207 port 38870 ssh2 Oct 13 05:03:31
>> 15486 sshd[24113]: Invalid user exx from 89.37.193.207 port 36638
>> *2025-10-13 10:03*.*Categories:* Brute-Force, SSH.
>> *Comment:* Oct 13 12:02:32 pegasus sshd[2721607]: Invalid user runner
>> from 89.37.193.207 port 58836 Oct 13 12:02:32 pegasus sshd[2721607]:
>> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
>> ruser= rhost=89.37.193.207 Oct 13 12:02:34 pegasus sshd[2721607]: Failed
>> password for invalid user runner from 89.37.193.207 port 58836 ssh2 Oct 13
>> 12:03:51 pegasus sshd[2722217]: Invalid user exx from 89.37.193.207 port
>> 33604
>> *2025-10-13 09:15*.*Categories:* Brute-Force, SSH.
>> *Comment:* $f2bV_matches
>> *2025-10-13 08:53*.*Categories:* Brute-Force, SSH.
>> *Comment:* Oct 13 10:44:53 hydrogen sshd[3917746]: Invalid user zzl from
>> 89.37.193.207 port 40866 Oct 13 10:46:02 hydrogen sshd[3918398]: Invalid
>> user penis from 89.37.193.207 port 58346 Oct 13 10:47:15 hydrogen
>> sshd[3918911]: Invalid user chris from 89.37.193.207 port 56308 Oct 13
>> 10:48:21 hydrogen sshd[3919456]: Invalid user ftpuser from 89.37.193.207
>> port 35466 Oct 13 10:53:09 hydrogen sshd[3921790]: Invalid user fabian from
>> 89.37.193.207 port 55464 …
>> *2025-10-13 08:34*.*Categories:* Brute-Force, SSH.
>> *Comment:* Oct 13 10:25:12 hydrogen sshd[3908060]: Invalid user seven
>> from 89.37.193.207 port 58806 Oct 13 10:28:22 hydrogen sshd[3909542]:
>> Invalid user school from 89.37.193.207 port 41100 Oct 13 10:30:39 hydrogen
>> sshd[3910692]: Invalid user iptv from 89.37.193.207 port 51236 Oct 13
>> 10:33:06 hydrogen sshd[3911856]: Invalid user daniel from 89.37.193.207
>> port 58760 Oct 13 10:34:18 hydrogen sshd[3912382]: Invalid user holu from
>> 89.37.193.207 port 39830 …
>> *2025-10-13 08:27*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-13T10:25:54.538753+02:00 rpi4 sshd[5049]: Invalid
>> user seven from 89.37.193.207 port 42920 2025-10-13T10:25:54.561594+02:00
>> rpi4 sshd[5049]: pam_unix(sshd:auth): authentication failure; logname=
>> uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207
>> 2025-10-13T10:25:56.111919+02:00 rpi4 sshd[5049]: Failed password for
>> invalid user seven from 89.37.193.207 port 42920 ssh2
>> 2025-10-13T10:27:07.966792+02:00 rpi4 sshd[5068]: pam_unix(sshd:auth):
>> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
>> rhost=89.37.193.207 user=root 2025-10-13T10:27:09.205746+02:00 rpi4
>> sshd[5068]: Failed password for root from 89.37.193.207 port 53692 ssh2 …
>> *2025-10-13 08:24*.*Categories:* Brute-Force.
>> *Comment:* Oct 13 08:24:55 hecnet-us-east-gw sshd[98568]: Invalid user
>> cloud from 89.37.193.207 port 46084 Oct 13 08:24:57 hecnet-us-east-gw
>> sshd[98568]: Failed password for invalid user cloud from 89.37.193.207 port
>> 46084 ssh2 Oct 13 08:24:57 hecnet-us-east-gw sshd[98568]: Disconnected from
>> invalid user cloud 89.37.193.207 port 46084 [preauth] …
>> *2025-10-13 08:15*.*Categories:* Brute-Force, SSH.
>> *Comment:* 89.37.193.207 (RU/Russia/-), 5 distributed sshd attacks on
>> account [root] in the last 3600 secs; Ports: *; Direction: 1; Trigger:
>> LF_DISTATTACK; Logs: Oct 13 02:27:46 13144 sshd[12807]:
>> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
>> ruser= rhost=23.94.182.3 user=root Oct 13 02:27:49 13144 sshd[12807]:
>> Failed password for root from 23.94.182.3 port 56948 ssh2 Oct 13 03:14:59
>> 13144 sshd[17220]: pam_unix(sshd:auth): authentication failure; logname=
>> uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207 user=root Oct 13 03:15:01
>> 13144 sshd[17220]: Failed password for root from 89.37.193.207 port 34724
>> ssh2 Oct 13 02:28:26 13144 sshd[12878]: pam_unix(sshd:auth): authentication
>> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.182.3 user=root
>> IP Addresses Blocked: 23.94.182.3 (US/United States/
>> 23-94-182-3-host.colocrossing.com)
>> *2025-10-13 08:14*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-13T10:14:59.181747+02:00 psifactor
>> sshd-session[3471263]: Disconnected from authenticating user root
>> 89.37.193.207 port 56660 [preauth] … (mode: instant ban, root access or
>> sth similar)
>> *2025-10-13 08:11*.*Categories:* Brute-Force, SSH.
>> *Comment:* Oct 13 05:11:59 vidsell sshd[3316863]: Invalid user deploy
>> from 89.37.193.207 port 50940 Oct 13 05:11:59 vidsell sshd[3316863]:
>> Disconnected from invalid user deploy 89.37.193.207 port 50940 [preauth] …
>> *2025-10-13 07:51*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-13T07:44:31.505422+00:00 scw-871879 sshd[1465195]:
>> Invalid user admin1234 from 89.37.193.207 port 49058
>> 2025-10-13T07:48:03.347868+00:00 scw-871879 sshd[1465551]: Invalid user
>> user from 89.37.193.207 port 48088 2025-10-13T07:49:12.616964+00:00
>> scw-871879 sshd[1465745]: Invalid user user14 from 89.37.193.207 port 53252
>> 2025-10-13T07:50:19.916176+00:00 scw-871879 sshd[1465784]: Invalid user
>> mark from 89.37.193.207 port 53178 2025-10-13T07:51:30.580945+00:00
>> scw-871879 sshd[1465885]: Invalid user dps from 89.37.193.207 port 38542 …
>> *2025-10-13 07:33*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-13T07:23:51.487923+00:00 scw-871879 sshd[1463467]:
>> Invalid user denes from 89.37.193.207 port 51822
>> 2025-10-13T07:26:59.994943+00:00 scw-871879 sshd[1463604]: Invalid user
>> helen from 89.37.193.207 port 34988 2025-10-13T07:29:33.468343+00:00
>> scw-871879 sshd[1463718]: Invalid user kariman from 89.37.193.207 port
>> 55148 2025-10-13T07:30:42.140898+00:00 scw-871879 sshd[1463762]: Invalid
>> user deploy from 89.37.193.207 port 44838 2025-10-13T07:33:52.031023+00:00
>> scw-871879 sshd[1464046]: Invalid user holu from 89.37.193.207 port 45688
>> …
>> *2025-10-13 07:30*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-13T09:24:07.169925+02:00 axisverse
>> sshd-session[3564307]: Invalid user denes from 89.37.193.207 port 34326
>> 2025-10-13T09:27:04.054740+02:00 axisverse sshd-session[3572021]: Invalid
>> user helen from 89.37.193.207 port 55078 2025-10-13T09:30:45.684764+02:00
>> axisverse sshd-session[3579520]: Invalid user deploy from 89.37.193.207
>> port 55294 …
>> *2025-10-13 07:30*.*Categories:* SSH.
>> *Comment:* SSH brute-force attempt detected by Fail2Ban
>> *2025-10-13 07:28*.*Categories:* Brute-Force, SSH.
>> *Comment:* (sshd) Failed SSH login from 89.37.193.207 (RU/Russia/-): 5
>> in the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: Oct
>> 13 02:24:23 9759 sshd[26791]: Invalid user denes from 89.37.193.207 port
>> 58012 Oct 13 02:24:25 9759 sshd[26791]: Failed password for invalid user
>> denes from 89.37.193.207 port 58012 ssh2 Oct 13 02:27:09 9759 sshd[27185]:
>> Invalid user helen from 89.37.193.207 port 53186 Oct 13 02:27:11 9759
>> sshd[27185]: Failed password for invalid user helen from 89.37.193.207 port
>> 53186 ssh2 Oct 13 02:28:27 9759 sshd[27282]: pam_unix(sshd:auth):
>> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
>> rhost=89.37.193.207 user=root
>> *2025-10-13 07:14*.*Categories:* Brute-Force, SSH.
>> *Comment:* SSH abuse or brute-force attack detected by Fail2Ban in ssh
>> jail
>> *2025-10-13 07:13*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-13T07:08:41.819592+00:00 de-fsn1-sbc1 sshd[4054492]:
>> Invalid user arkserver from 89.37.193.207 port 50230
>> 2025-10-13T07:11:20.735865+00:00 de-fsn1-sbc1 sshd[4054509]: Invalid user
>> ftpuser from 89.37.193.207 port 48370 2025-10-13T07:13:56.776703+00:00
>> de-fsn1-sbc1 sshd[4054551]: Invalid user seafile from 89.37.193.207 port
>> 43776 …
>> *2025-10-13 07:12*.*Categories:* Brute-Force, SSH.
>> *Comment:* Oct 13 08:11:24 nervous-edison8 sshd[3729837]: Invalid user
>> ftpuser from 89.37.193.207 port 53928 Oct 13 08:11:24 nervous-edison8
>> sshd[3729837]: pam_unix(sshd:auth): authentication failure; logname= uid=0
>> euid=0 tty=ssh ruser= rhost=89.37.193.207 Oct 13 08:11:25 nervous-edison8
>> sshd[3729837]: Failed password for invalid user ftpuser from 89.37.193.207
>> port 53928 ssh2 Oct 13 08:12:43 nervous-edison8 sshd[3730403]:
>> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
>> ruser= rhost=89.37.193.207 user=root Oct 13 08:12:45 nervous-edison8
>> sshd[3730403]: Failed password for root from 89.37.193.207 port 38352 ssh2
>> …
>> *2025-10-13 07:12*.*Categories:* Brute-Force, SSH.
>> *Comment:* SG02-GC: SSH Brute Force from 89.37.193.207 at 2025-10-13
>> 12:42:20 IST
>> *2025-10-13 07:11*.*Categories:* Brute-Force, SSH.
>> *Comment:* $f2bV_matches
>> *2025-10-13 07:08*.*Categories:* SSH.
>> *Comment:* Fail2Ban SSH login block from 89.37.193.207
>> *2025-10-13 07:04*.*Categories:* DDoS Attack Participating, Ping
>> of Death, Web Spam, Email Spam, Brute-Force, Bad Web Bot, SSH.
>> *Comment:* Oct 13 09:00:43 v2202301167543214332 sshd[1313515]: Failed
>> password for invalid user botuser from 89.37.193.207 port 33280 ssh2 Oct 13
>> 09:02:22 v2202301167543214332 sshd[1313534]: pam_unix(sshd:auth):
>> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
>> rhost=89.37.193.207 user=root Oct 13 09:02:24 v2202301167543214332
>> sshd[1313534]: Failed password for root from 89.37.193.207 port 58908 ssh2
>> Oct 13 09:04:03 v2202301167543214332 sshd[1313541]: pam_unix(sshd:auth):
>> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
>> rhost=89.37.193.207 user=root Oct 13 09:04:05 v2202301167543214332
>> sshd[1313541]: Failed password for root from 89.37.193.207 port 54548 ssh2
>> …
>> *2025-10-13 06:47*.*Categories:* DDoS Attack Participating, Ping
>> of Death, Web Spam, Email Spam, Brute-Force, Bad Web Bot, SSH.
>> *Comment:* Oct 13 08:46:12 v2202301167543214332 sshd[1313318]: Invalid
>> user frappe from 89.37.193.207 port 47288 Oct 13 08:46:12
>> v2202301167543214332 sshd[1313318]: pam_unix(sshd:auth): authentication
>> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207 Oct 13
>> 08:46:12 v2202301167543214332 sshd[1313318]: Invalid user frappe from
>> 89.37.193.207 port 47288 Oct 13 08:46:14 v2202301167543214332
>> sshd[1313318]: Failed password for invalid user frappe from 89.37.193.207
>> port 47288 ssh2 Oct 13 08:47:49 v2202301167543214332 sshd[1313338]: Invalid
>> user vpn from 89.37.193.207 port 46024 …
>> *2025-10-13 06:31*.*Categories:* DDoS Attack Participating, Ping
>> of Death, Web Spam, Email Spam, Brute-Force, Bad Web Bot, SSH.
>> *Comment:* Oct 13 08:28:22 v2202301167543214332 sshd[1312971]: Failed
>> password for root from 89.37.193.207 port 58986 ssh2 Oct 13 08:29:58
>> v2202301167543214332 sshd[1312978]: pam_unix(sshd:auth): authentication
>> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207 user=root
>> Oct 13 08:30:00 v2202301167543214332 sshd[1312978]: Failed password for
>> root from 89.37.193.207 port 45548 ssh2 Oct 13 08:31:38
>> v2202301167543214332 sshd[1313005]: pam_unix(sshd:auth): authentication
>> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207 user=root
>> Oct 13 08:31:40 v2202301167543214332 sshd[1313005]: Failed password for
>> root from 89.37.193.207 port 39816 ssh2 …
>> *2025-10-13 06:20*.*Categories:* Brute-Force.
>> *Comment:* Oct 13 06:19:00 bud01-01-vpn sshd[183862]: Failed password
>> for root from 89.37.193.207 port 36208 ssh2 Oct 13 06:20:33 bud01-01-vpn
>> sshd[183919]: pam_unix(sshd:auth): authentication failure; logname= uid=0
>> euid=0 tty=ssh ruser= rhost=89.37.193.207 user=root Oct 13 06:20:35
>> bud01-01-vpn sshd[183919]: Failed password for root from 89.37.193.207 port
>> 40940 ssh2 …
>> *2025-10-13 06:14*.*Categories:* DDoS Attack Participating, Ping
>> of Death, Web Spam, Email Spam, Brute-Force, Bad Web Bot, SSH.
>> *Comment:* Oct 13 08:11:12 v2202301167543214332 sshd[1312798]: Failed
>> password for root from 89.37.193.207 port 45456 ssh2 Oct 13 08:12:38
>> v2202301167543214332 sshd[1312817]: pam_unix(sshd:auth): authentication
>> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207 user=root
>> Oct 13 08:12:40 v2202301167543214332 sshd[1312817]: Failed password for
>> root from 89.37.193.207 port 43508 ssh2 Oct 13 08:14:02
>> v2202301167543214332 sshd[1312821]: pam_unix(sshd:auth): authentication
>> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207 user=root
>> Oct 13 08:14:04 v2202301167543214332 sshd[1312821]: Failed password for
>> root from 89.37.193.207 port 51420 ssh2 …
>> *2025-10-13 06:13*.*Categories:* Brute-Force, SSH.
>> *Comment:* (sshd) Failed SSH login from 89.37.193.207 (RU/Russia/-): 10
>> in the last 3600 secs
>> *2025-10-13 06:13*.*Categories:* Brute-Force.
>> *Comment:* [sshd] (D1_AjieDevAIO-IP-126) Fail2Ban Jail: sshd auto-report
>> *2025-10-13 06:10*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-13T06:09:02.631165+00:00 edge-con-sao01.int.pdx.net.uk
>> sshd[1525991]: Failed password for root from 89.37.193.207 port 57724 ssh2
>> 2025-10-13T06:10:25.253561+00:00 edge-con-sao01.int.pdx.net.uk
>> sshd[1526413]: pam_unix(sshd:auth): authentication failure; logname= uid=0
>> euid=0 tty=ssh ruser= rhost=89.37.193.207 user=root
>> 2025-10-13T06:10:27.031197+00:00 edge-con-sao01.int.pdx.net.uk
>> sshd[1526413]: Failed password for root from 89.37.193.207 port 35438 ssh2
>> …
>> *2025-10-13 06:10*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-13T06:06:14.169430+00:00 eu-north-sto1 sshd[1074416]:
>> Disconnected from authenticating user root 89.37.193.207 port 45108
>> [preauth] 2025-10-13T06:09:00.478611+00:00 eu-north-sto1 sshd[1083926]:
>> Disconnected from authenticating user root 89.37.193.207 port 44486
>> [preauth] 2025-10-13T06:10:24.901949+00:00 eu-north-sto1 sshd[1089088]:
>> Disconnected from authenticating user root 89.37.193.207 port 49004
>> [preauth] …
>> *2025-10-13 06:08*.*Categories:* Brute-Force, SSH.
>> *Comment:* 89.37.193.207 (RU/Russia/-), 5 distributed sshd attacks on
>> account [root] in the last 3600 secs; Ports: *; Direction: 1; Trigger:
>> LF_DISTATTACK; Logs: Oct 13 00:57:51 14499 sshd[12114]:
>> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
>> ruser= rhost=152.32.163.183 user=root Oct 13 00:57:54 14499 sshd[12114]:
>> Failed password for root from 152.32.163.183 port 53050 ssh2 Oct 13
>> 01:07:50 14499 sshd[13056]: pam_unix(sshd:auth): authentication failure;
>> logname= uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207 user=root Oct 13
>> 01:05:33 14499 sshd[12888]: pam_unix(sshd:auth): authentication failure;
>> logname= uid=0 euid=0 tty=ssh ruser= rhost=119.96.191.166 user=root Oct 13
>> 01:05:35 14499 sshd[12888]: Failed password for root from 119.96.191.166
>> port 59978 ssh2 IP Addresses Blocked: 152.32.163.183 (VN/Vietnam/-)
>> *2025-10-13 05:51*.*Categories:* Brute-Force, SSH.
>> *Comment:* Oct 13 05:48:46 webundsoshit sshd[3550224]:
>> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
>> ruser= rhost=89.37.193.207 user=root Oct 13 05:48:47 webundsoshit
>> sshd[3550224]: Failed password for root from 89.37.193.207 port 38486 ssh2
>> Oct 13 05:49:57 webundsoshit sshd[3550430]: pam_unix(sshd:auth):
>> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
>> rhost=89.37.193.207 user=root Oct 13 05:49:59 webundsoshit sshd[3550430]:
>> Failed password for root from 89.37.193.207 port 51360 ssh2 Oct 13 05:51:11
>> webundsoshit sshd[3550744]: Invalid user deploy from 89.37.193.207 port
>> 40280 …
>> *2025-10-13 05:23*.*Categories:* Brute-Force, SSH.
>> *Comment:* Oct 13 05:21:58 webundsoshit sshd[3544787]:
>> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
>> ruser= rhost=89.37.193.207 Oct 13 05:22:00 webundsoshit sshd[3544787]:
>> Failed password for invalid user bigdata from 89.37.193.207 port 40826 ssh2
>> Oct 13 05:23:14 webundsoshit sshd[3545107]: Invalid user newuser1 from
>> 89.37.193.207 port 35244 Oct 13 05:23:14 webundsoshit sshd[3545107]:
>> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
>> ruser= rhost=89.37.193.207 Oct 13 05:23:16 webundsoshit sshd[3545107]:
>> Failed password for invalid user newuser1 from 89.37.193.207 port 35244
>> ssh2 …
>> *2025-10-13 05:22*.*Categories:* Brute-Force, SSH.
>> *Comment:* (sshd) Failed SSH login from 89.37.193.207 (RU/Russia/-): 5
>> in the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: Oct
>> 13 00:18:49 21567 sshd[31938]: pam_unix(sshd:auth): authentication failure;
>> logname= uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207 user=root Oct 13
>> 00:18:51 21567 sshd[31938]: Failed password for root from 89.37.193.207
>> port 50966 ssh2 Oct 13 00:21:27 21567 sshd[32160]: Invalid user bigdata
>> from 89.37.193.207 port 53226 Oct 13 00:21:29 21567 sshd[32160]: Failed
>> password for invalid user bigdata from 89.37.193.207 port 53226 ssh2 Oct 13
>> 00:22:46 21567 sshd[32593]: Invalid user newuser1 from 89.37.193.207 port
>> 51166
>> *2025-10-13 05:21*.*Categories:* Brute-Force, SSH.
>> *Comment:* Oct 12 23:21:51 b146-17 sshd[1443617]: Invalid user bigdata
>> from 89.37.193.207 port 33630 Oct 12 23:21:51 b146-17 sshd[1443617]:
>> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
>> ruser= rhost=89.37.193.207 Oct 12 23:21:53 b146-17 sshd[1443617]: Failed
>> password for invalid user bigdata from 89.37.193.207 port 33630 ssh2 …
>> *2025-10-13 04:36*.*Categories:* Brute-Force, SSH.
>> *Comment:* (sshd) Failed SSH login from 89.37.193.207 (AE/United Arab
>> Emirates/-)
>> *2025-10-13 04:32*.*Categories:* Brute-Force, SSH.
>> *Comment:* (sshd) Failed SSH login from 89.37.193.207 (RU/Russia/-): 5
>> in the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: Oct
>> 12 23:29:09 17911 sshd[11923]: Invalid user eliot from 89.37.193.207 port
>> 59440 Oct 12 23:29:10 17911 sshd[11923]: Failed password for invalid user
>> eliot from 89.37.193.207 port 59440 ssh2 Oct 12 23:30:54 17911 sshd[12120]:
>> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
>> ruser= rhost=89.37.193.207 user=root Oct 12 23:30:57 17911 sshd[12120]:
>> Failed password for root from 89.37.193.207 port 46058 ssh2 Oct 12 23:32:09
>> 17911 sshd[12326]: pam_unix(sshd:auth): authentication failure; logname=
>> uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207 user=root
>> *2025-10-13 04:30*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-13T06:28:30.638277+02:00 games.mrejata.eu
>> sshd[545772]: Failed password for invalid user eliot from 89.37.193.207
>> port 56124 ssh2 2025-10-13T06:30:42.373214+02:00 games.mrejata.eu
>> sshd[545780]: pam_unix(sshd:auth): authentication failure; logname= uid=0
>> euid=0 tty=ssh ruser= rhost=89.37.193.207 user=root
>> 2025-10-13T06:30:44.592754+02:00 games.mrejata.eu sshd[545780]: Failed
>> password for root from 89.37.193.207 port 34870 ssh2 …
>> *2025-10-13 04:30*.*Categories:* Brute-Force, SSH.
>> *Comment:* Fail2Ban: malicious activity detected (jail: sshd)
>> *2025-10-13 04:01*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-12T22:54:56.304496-05:00 instance-20240522-152753
>> sshd[1174946]: Invalid user zs from 89.37.193.207 port 56480
>> 2025-10-12T22:57:28.731436-05:00 instance-20240522-152753 sshd[1175038]:
>> Invalid user adminuser from 89.37.193.207 port 39926
>> 2025-10-12T22:58:45.512430-05:00 instance-20240522-152753 sshd[1175062]:
>> Invalid user abe from 89.37.193.207 port 34202
>> 2025-10-12T23:01:13.439381-05:00 instance-20240522-152753 sshd[1175622]:
>> Invalid user dat from 89.37.193.207 port 36582 …
>> *2025-10-13 03:50*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-13T03:51:19.757629+00:00 prod-westeu sshd[2607551]:
>> Invalid user spike from 89.37.193.207 port 36332
>> 2025-10-13T03:51:19.761747+00:00 prod-westeu sshd[2607551]:
>> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
>> ruser= rhost=89.37.193.207 2025-10-13T03:51:21.916076+00:00 prod-westeu
>> sshd[2607551]: Failed password for invalid user spike from 89.37.193.207
>> port 36332 ssh2 …
>> *2025-10-13 03:45*.*Categories:* SSH.
>> *Comment:* Attempts to access SSH server with wrong credentials
>> *2025-10-13 03:44*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-12T22:39:25.215494-05:00 instance-20240522-152753
>> sshd[1174004]: Invalid user add from 89.37.193.207 port 36906
>> 2025-10-12T22:41:34.369775-05:00 instance-20240522-152753 sshd[1174099]:
>> Invalid user casino from 89.37.193.207 port 60258
>> 2025-10-12T22:42:51.042074-05:00 instance-20240522-152753 sshd[1174128]:
>> Invalid user ram from 89.37.193.207 port 41632
>> 2025-10-12T22:44:07.258418-05:00 instance-20240522-152753 sshd[1174177]:
>> Invalid user spring from 89.37.193.207 port 58056 …
>> *2025-10-13 03:42*.*Categories:* Brute-Force, SSH.
>> *Comment:* (sshd) Failed SSH login from 89.37.193.207 (RU/Russia/-): 5
>> in the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: Oct
>> 12 22:37:54 14020 sshd[17779]: Invalid user add from 89.37.193.207 port
>> 60594 Oct 12 22:37:56 14020 sshd[17779]: Failed password for invalid user
>> add from 89.37.193.207 port 60594 ssh2 Oct 12 22:41:05 14020 sshd[18131]:
>> Invalid user casino from 89.37.193.207 port 51232 Oct 12 22:41:07 14020
>> sshd[18131]: Failed password for invalid user casino from 89.37.193.207
>> port 51232 ssh2 Oct 12 22:42:21 14020 sshd[18223]: Invalid user ram from
>> 89.37.193.207 port 51670
>> *2025-10-13 03:27*.*Categories:* Brute-Force, SSH.
>> *Comment:* Oct 13 06:26:03 www7 sshd[2936448]: Invalid user yoga from
>> 89.37.193.207 port 40622 Oct 13 06:26:06 www7 sshd[2936448]: Failed
>> password for invalid user yoga from 89.37.193.207 port 40622 ssh2 Oct 13
>> 06:27:15 www7 sshd[2936515]: Invalid user loc from 89.37.193.207 port 45646
>> …
>> *2025-10-13 03:20*.*Categories:* Brute-Force, SSH.
>> *Comment:* SSH Brute force: 55 attempts were recorded from 89.37.193.207
>> 2025-10-13T03:52:41+02:00 Invalid user vpn from 89.37.193.207 port 51274
>> 2025-10-13T03:56:00+02:00 Invalid user lu from 89.37.193.207 port 57956
>> 2025-10-13T03:57:29+02:00 Invalid user ubuntu from 89.37.193.207 port 33686
>> 2025-10-13T03:59:02+02:00 Invalid user readonly from 89.37.193.207 port
>> 47532 2025-10-13T04:00:30+02:00 Invalid user ubuntu from 89.37.193.207 port
>> 36710 2025-10-13T04:01:59+02:00 Invalid user scpuser from 89.37.193.207
>> port 47022 2025-10-13T04:03:30+02:00 Disconnected from authenticating user
>> root 89.37.193.207 port 35386 [preauth] 2025-10-13T04:05:01+02:00 Invalid
>> user penis from 89.37.193.207 port 56820 2025-10-13T04:06:28+02:00
>> Disconnected from authenticating user root 89.37.193.207 port 33826
>> [preauth] 2025-10-13T04:07:53+02:00 Invalid user vaibhav from 89.37.193.207
>> port 54540 2025-10-13T04:09:25+02:00
>> *2025-10-13 03:10*.*Categories:* Brute-Force, SSH.
>> *Comment:* Oct 13 06:09:39 www7 sshd[2935471]: Invalid user tester from
>> 89.37.193.207 port 57780 Oct 13 06:09:41 www7 sshd[2935471]: Failed
>> password for invalid user tester from 89.37.193.207 port 57780 ssh2 Oct 13
>> 06:10:47 www7 sshd[2935577]: Invalid user braga from 89.37.193.207 port
>> 42086 …
>> *2025-10-13 02:59*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-13T02:55:53.081765+00:00 Linux04 sshd[3202249]:
>> Invalid user gavin from 89.37.193.207 port 45046
>> 2025-10-13T02:55:53.086273+00:00 Linux04 sshd[3202249]:
>> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
>> ruser= rhost=89.37.193.207 2025-10-13T02:55:55.305639+00:00 Linux04
>> sshd[3202249]: Failed password for invalid user gavin from 89.37.193.207
>> port 45046 ssh2 2025-10-13T02:57:02.352056+00:00 Linux04 sshd[3205697]:
>> Invalid user ftpuser from 89.37.193.207 port 39812
>> 2025-10-13T02:57:02.353949+00:00 Linux04 sshd[3205697]:
>> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
>> ruser= rhost=89.37.193.207 2025-10-13T02:57:04.045635+00:00 Linux04
>> sshd[3205697]: Failed password for invalid user ftpuser from 89.37.193.207
>> port 39812 ssh2 2025-10-13T02:58:10.885953+00:00 Linux04 sshd[3208817]:
>> Invalid user fox from 89.37.193.207 port 45592
>> 2025-10-13T02:58:10.887771+00:00 Linux04 sshd[3208817]:
>> pam_unix(sshd:auth): authentication failure; logn …
>> *2025-10-13 02:57*.*Categories:* Brute-Force, SSH.
>> *Comment:* [Fail2Ban:sshd-spray] …
>> *2025-10-13 02:55*.*Categories:* Brute-Force, SSH.
>> *Comment:* Oct 13 03:54:35 server sshd[3243695]: Failed password for
>> root from 89.37.193.207 port 39662 ssh2 Oct 13 03:55:49 server
>> sshd[3243851]: Invalid user gavin from 89.37.193.207 port 41888 Oct 13
>> 03:55:49 server sshd[3243851]: pam_unix(sshd:auth): authentication failure;
>> logname= uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207 Oct 13 03:55:49
>> server sshd[3243851]: Invalid user gavin from 89.37.193.207 port 41888 Oct
>> 13 03:55:52 server sshd[3243851]: Failed password for invalid user gavin
>> from 89.37.193.207 port 41888 ssh2 …
>> *2025-10-13 02:55*.*Categories:* Brute-Force, SSH.
>> *Comment:* (sshd) Failed SSH login from 89.37.193.207 (RU/Russia/-): 5
>> in the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: Oct
>> 13 02:51:04 23953 sshd[14586]: Invalid user gits from 89.37.193.207 port
>> 46974 Oct 13 02:51:06 23953 sshd[14586]: Failed password for invalid user
>> gits from 89.37.193.207 port 46974 ssh2 Oct 13 02:54:04 23953 sshd[14825]:
>> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
>> ruser= rhost=89.37.193.207 user=root Oct 13 02:54:06 23953 sshd[14825]:
>> Failed password for root from 89.37.193.207 port 56406 ssh2 Oct 13 02:55:22
>> 23953 sshd[14919]: Invalid user gavin from 89.37.193.207 port 41504
>> *2025-10-13 02:54*.*Categories:* Brute-Force, SSH.
>> *Comment:* Oct 13 05:51:22 www7 sshd[2933953]: Failed password for
>> invalid user gits from 89.37.193.207 port 47604 ssh2 Oct 13 05:54:09 www7
>> sshd[2934051]: pam_unix(sshd:auth): authentication failure; logname= uid=0
>> euid=0 tty=ssh ruser= rhost=89.37.193.207 user=root Oct 13 05:54:11 www7
>> sshd[2934051]: Failed password for root from 89.37.193.207 port 57198 ssh2
>> …
>> *2025-10-13 02:53*.*Categories:* SSH.
>> *Comment:* SSH bruteforce
>> *2025-10-13 01:56*.*Categories:* Brute-Force, SSH.
>> *Comment:* Brute-force SSH server detected by Fail2ban
>> *2025-10-13 01:56*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-13T01:53:38.581194+00:00
>> backup-309171561-ubuntu-4gb-fsn1-1 sshd[1745537]: pam_unix(sshd:auth):
>> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
>> rhost=89.37.193.207 2025-10-13T01:53:40.716151+00:00
>> backup-309171561-ubuntu-4gb-fsn1-1 sshd[1745537]: Failed password for
>> invalid user vpn from 89.37.193.207 port 50922 ssh2
>> 2025-10-13T01:56:22.373962+00:00 backup-309171561-ubuntu-4gb-fsn1-1
>> sshd[1745588]: Invalid user lu from 89.37.193.207 port 34704 …
>> *2025-10-13 01:52*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-13T09:52:48.622280+08:00 pbs sshd[3823865]:
>> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
>> ruser= rhost=89.37.193.207 2025-10-13T09:52:50.225618+08:00 pbs
>> sshd[3823865]: Failed password for invalid user vpn from 89.37.193.207 port
>> 45778 ssh2 …
>> *2025-10-13 01:25*.*Categories:* Brute-Force.
>> *Comment:* Brute force attempt — 3 login attempts (3 failed)
>> *2025-10-13 01:20*.*Categories:* Port Scan, Brute-Force, SSH.
>> *Comment:* Unauthorized connection attempt detected, SSH Brute-Force
>> *2025-10-13 01:07*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-13T02:58:21.699546+02:00 misaka-vm-s3n-2c4g-ber
>> sshd[2832483]: Invalid user deploy from 89.37.193.207 port 49578
>> 2025-10-13T03:03:19.835692+02:00 misaka-vm-s3n-2c4g-ber sshd[2832534]:
>> Invalid user vpn from 89.37.193.207 port 48866
>> 2025-10-13T03:07:31.491050+02:00 misaka-vm-s3n-2c4g-ber sshd[2832550]:
>> Invalid user hadi from 89.37.193.207 port 45386 …
>> *2025-10-13 01:04*.*Categories:* Brute-Force, SSH.
>> *Comment:* (sshd) Failed SSH login from 89.37.193.207 (RU/Russia/-): 5
>> in the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: Oct
>> 12 20:01:37 13593 sshd[28991]: Invalid user deploy from 89.37.193.207 port
>> 36494 Oct 12 20:01:40 13593 sshd[28991]: Failed password for invalid user
>> deploy from 89.37.193.207 port 36494 ssh2 Oct 12 20:03:07 13593
>> sshd[29134]: pam_unix(sshd:auth): authentication failure; logname= uid=0
>> euid=0 tty=ssh ruser= rhost=89.37.193.207 user=root Oct 12 20:03:09 13593
>> sshd[29134]: Failed password for root from 89.37.193.207 port 33058 ssh2
>> Oct 12 20:04:24 13593 sshd[29211]: Invalid user vpn from 89.37.193.207 port
>> 42844
>> *2025-10-13 01:04*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-13T01:03:04.879144+00:00 my-vps sshd[1452850]:
>> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
>> ruser= rhost=89.37.193.207 user=root 2025-10-13T01:03:06.498186+00:00
>> my-vps sshd[1452850]: Failed password for root from 89.37.193.207 port
>> 37404 ssh2 2025-10-13T01:04:22.604149+00:00 my-vps sshd[1452854]: Invalid
>> user vpn from 89.37.193.207 port 49358 2025-10-13T01:04:22.606953+00:00
>> my-vps sshd[1452854]: pam_unix(sshd:auth): authentication failure; logname=
>> uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207
>> 2025-10-13T01:04:24.265715+00:00 my-vps sshd[1452854]: Failed password for
>> invalid user vpn from 89.37.193.207 port 49358 ssh2 …
>> *2025-10-13 01:03*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-13T03:02:40.728838+02:00 marvibiene sshd[695287]:
>> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
>> ruser= rhost=89.37.193.207 user=root 2025-10-13T03:02:42.387200+02:00
>> marvibiene sshd[695287]: Failed password for root from 89.37.193.207 port
>> 58972 ssh2 2025-10-13T03:03:56.785226+02:00 marvibiene sshd[695746]:
>> Invalid user vpn from 89.37.193.207 port 50224
>> 2025-10-13T03:03:56.787163+02:00 marvibiene sshd[695746]:
>> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
>> ruser= rhost=89.37.193.207 2025-10-13T03:03:58.546137+02:00 marvibiene
>> sshd[695746]: Failed password for invalid user vpn from 89.37.193.207 port
>> 50224 ssh2
>> *2025-10-13 01:03*.*Categories:* Brute-Force, SSH.
>> *Comment:* SSH Brute Force Attack from 89.37.193.207 Threat Details: —
>> Type: SSH Brute Force Attack — Target Service: sshd-aggressive — Target
>> Server: insightvm — Detection Time: 2025-10-13 03:03:04 — Source Country:
>> United Arab Emirates — Source ISP: ABCVG — Reverse DNS: Description:
>> Automated SSH login attempts detected from this IP address
>> *2025-10-13 01:02*.*Categories:* Brute-Force, SSH.
>> *Comment:* Oct 13 00:59:03 v4bgp sshd[602510]: Failed password for
>> invalid user deploy from 89.37.193.207 port 42460 ssh2 Oct 13 01:02:17
>> v4bgp sshd[602617]: pam_unix(sshd:auth): authentication failure; logname=
>> uid=0 euid=0 tty=ssh ruser= rhost=89.37.193.207 user=root Oct 13 01:02:19
>> v4bgp sshd[602617]: Failed password for root from 89.37.193.207 port 47170
>> ssh2 …
>> *2025-10-13 00:09*.*Categories:* Brute-Force, SSH.
>> *Comment:* 2025-10-13T00:03:28.245250+00:00 edge-con-sjc01.int.pdx.net.uk
>> sshd[2269718]: pam_unix(sshd:auth): authentication failure; logname= uid=0
>> euid=0 tty=ssh ruser= rhost=89.37.193.207 2025-10-13T00:03:30.611667+00:00
>> edge-con-sjc01.int.pdx.net.uk sshd[2269718]: Failed password for invalid
>> user debian from 89.37.193.207 port 59238 ssh2
>> 2025-10-13T00:09:08.136277+00:00 edge-con-sjc01.int.pdx.net.uk
>> sshd[2272840]: Invalid user user3 from 89.37.193.207 port 42708 …
>> *2025-10-13 00:06*.*Categories:* Brute-Force, SSH.
>> *Comment:* SSH brute force
>> *2025-10-13 00:05*.*Categories:* Brute-Force.
>> *Comment:* SSH brute force attack detected: 5 failed attempts
>> *2025-10-13 00:03*.*Categories:* Brute-Force, SSH.
>> *Comment:* 89.37.193.207 (RU/Russia/-), 5 distributed sshd attacks on
>> account [debian] in the last 3600 secs; Ports: *; Direction: 1; Trigger:
>> LF_DISTATTACK; Logs: Oct 12 19:03:28 13301 sshd[6558]: Invalid user debian
>> from 202.148.55.168 port 36244 Oct 12 19:02:53 13301 sshd[6370]: Invalid
>> user debian from 78.47.144.126 port 38616 Oct 12 19:02:01 13301 sshd[6128]:
>> Invalid user debian from 89.37.193.207 port 52298 Oct 12 19:02:02 13301
>> sshd[6128]: Failed password for invalid user debian from 89.37.193.207 port
>> 52298 ssh2 Oct 12 19:02:56 13301 sshd[6370]: Failed password for invalid
>> user debian from 78.47.144.126 port 38616 ssh2 IP Addresses Blocked:
>> 202.148.55.168 (NL/The Netherlands/-) 78.47.144.126 (DE/Germany/
>> static.126.144.47.78.clients.your-server.de)
>> Please go to the InterLIR Portal Abuses page for more information and
>> *confirm* resolving the abuse.
>> *Note:* if the abuse complaint is old and the problem has already been
>> resolved, please *confirm* this in the dashboard.
>> Have any questions so far? Visit InterLIR Support or contact us.
>>
>> Thanks,
>> InterLIR
>> InterLIR GmbH, Berlin
>>
>